bsoniternextinternal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.
{ "vanir_signatures": [ { "id": "CVE-2018-16790-0cbcc3ef", "digest": { "line_hashes": [ "230572384828147726758798177231607784127", "193010568396572323432057629638187778761", "308383410363642545101968445688044955292", "130065544884910772829299049170521137569" ], "threshold": 0.9 }, "signature_type": "Line", "deprecated": false, "target": { "file": "src/libbson/tests/test-bson.c" }, "signature_version": "v1", "source": "https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84" }, { "id": "CVE-2018-16790-3343d43e", "digest": { "length": 5661.0, "function_hash": "193941486342430174099491069527724778591" }, "signature_type": "Function", "deprecated": false, "target": { "file": "src/libbson/src/bson/bson-iter.c", "function": "_bson_iter_next_internal" }, "signature_version": "v1", "source": "https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84" }, { "id": "CVE-2018-16790-48ddd07c", "digest": { "length": 4620.0, "function_hash": "5190524972303662446291243879713015595" }, "signature_type": "Function", "deprecated": false, "target": { "file": "src/libbson/tests/test-bson.c", "function": "test_bson_validate" }, "signature_version": "v1", "source": "https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84" }, { "id": "CVE-2018-16790-f31c3ccb", "digest": { "line_hashes": [ "25158063395939030907992834329443035559", "151438777202799389720665076878289151096", "76831124799274643912930820928241724466", "248988458287290360667449641644212888333" ], "threshold": 0.9 }, "signature_type": "Line", "deprecated": false, "target": { "file": "src/libbson/src/bson/bson-iter.c" }, "signature_version": "v1", "source": "https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84" } ] }