CVE-2017-17484 (Critical) detected in mongor5.1.0-rc0 - autoclosed

[mend-bolt-for-github[bot]]

CVE-2017-17484 - Critical Severity Vulnerability

Vulnerable Library - mongor5.1.0-rc0

The MongoDB Database

Library home page: https://github.com/mongodb/mongo.git

Found in HEAD commit: 9c4537f1af3987a4f237e73712977c87c207c818

Found in base branch: main

Vulnerable Source Files (3)

/src/third_party/icu4c-57.1/source/common/ucnv_u8.c /src/third_party/icu4c-57.1/source/common/ucnv_u8.c /src/third_party/icu4c-57.1/source/common/ucnv_u8.c

Vulnerability Details

The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.

Publish Date: 2017-12-10

URL: CVE-2017-17484

CVSS 3 Score Details (9.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2017-17484

Release Date: 2017-12-10

Fix Resolution: release-60-2

---

Step up your Open Source Security Game with Mend here

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.