Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash (via a division-by-zero) or silently leak process memory contents (via an out-of-bounds read).
AnalysisAI
The legacy GridFS API in the MongoDB C Driver fails to validate file metadata fields retrieved from the database, enabling crafted documents stored in a GridFS collection to trigger either a division-by-zero crash (denial of service) or an out-of-bounds read that exposes process memory contents to the caller. Versions in the 1.x branch before 1.30.8 and 2.x branch before 2.2.4 are affected per EUVD-2026-31132. The CVSS 4.0 score of 6.0 accurately reflects a constrained attack path requiring low-privilege database access and a pre-positioned malicious document (AT:P), with no public exploit identified at time of analysis.
Technical ContextAI
The MongoDB C Driver (CPE: cpe:2.3:a:mongodb,_inc.:c_driver:*:*:*:*:*:*:*:*) is the official C-language client library used directly by applications and as an underlying component of higher-level MongoDB drivers. Its legacy GridFS API reads file metadata documents - including fields such as chunkSize and length - from the fs.files collection and uses them in arithmetic operations and memory offset calculations without adequate input validation. CWE-1285 (Improper Validation of Specified Index, Position, or Offset in Input) precisely describes the root cause: when the driver consumes a chunkSize value of zero, a downstream division operation produces a divide-by-zero fault, crashing the process. When a malformed length or offset field is accepted, the driver performs an out-of-bounds read, potentially returning arbitrary heap or stack memory contents to the application. The 'Buffer Overflow' tag attached to this CVE is a coarse automated classification; the actual mechanics are better characterised as improper offset validation leading to a read primitive rather than a classic write overflow.
RemediationAI
The primary remediation is to upgrade the MongoDB C Driver to version 1.30.8 or later for 1.x branch deployments, or to version 2.2.4 or later for 2.x branch deployments; the vendor-released patch is confirmed available per the reporter (MongoDB) and tracked at https://jira.mongodb.org/browse/CDRIVER-6281. Where immediate upgrade is not feasible, restrict write access to the fs.files and fs.chunks GridFS collections to only fully trusted application service accounts using MongoDB role-based access control - this raises the bar for an attacker to pre-position malformed documents, though it does not eliminate risk if any trusted application path can introduce externally-supplied metadata. As an additional compensating control, if the application does not strictly require the legacy GridFS API, migrating to the non-legacy GridFS implementation removes the vulnerable code path entirely, though this requires application-level changes and regression testing. Applications that do not use GridFS at all should confirm they are not linking against the legacy API surface to eliminate exposure. Note that restricting collection-level write permissions has the trade-off of potentially breaking application workflows that rely on direct GridFS document insertion.
Same technique Buffer Overflow
View allVendor StatusVendor
SUSE
Severity: MediumShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31132
GHSA-87jr-c2qj-3qrg