Mongo C and C++ drivers security vulnerabilities (CVEs)

Ashish_Jain4 · January 7, 2025, 11:25am

Hi All,
During my application vulnerability scan found CVEs given below.
CVE-2016-6494 (C-Drivers)
CVE-2015-1609 (C-Drivers)
CVE-2012-6619 (C-Drivers)
CVE-2013-1892 (C-Drivers)
CVE-2013-2132 (C-Drivers)
CVE-2021-32036 (Cpp-Drivers) Can someone provide information are the resolved in C-Driver 1.27.5 and CPP-Drivers 3.10.2, because i found these are old vulnerabilities?

Thank you
Ashish

Kevin_Albertson · January 7, 2025, 1:44pm

Those CVEs do not appear related to C or C++ driver. One links to a Python driver ticket, and the rest to MongoDB server tickets:

CVE-2016-6494 links to SERVER-25335
CVE-2015-1609 links to SERVER-17264
CVE-2012-6619 links to SERVER-7769
CVE-2013-1892 links to SERVER-9124
CVE-2021-32036 links to SERVER-59294
CVE-2013-2132 links to PYTHON-532

The “Fix Version/s” fields on the PYTHON and SERVER tickets note the versions with the fix.

Ashish_Jain4 · January 9, 2025, 4:53am

Thank you the reply @Kevin_Albertson