[Integer overflow] bson_utf8_validate

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • Fix Version/s: 1.25.0, 1.24.5
    • Affects Version/s: None
    • Component/s: BSON, Security
    • Labels: None

      CVE ID:
      CVE-2023-0437

      Title:

      MongoDB client C-Driver may infinitely loop when validating certain BSON input data

      Description:

      When calling bson_utf8_validate on some inputs, a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects all MongoDB C-Driver versions prior to version 1.25.0.

      CWE:

      CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

      CVSS Score: 

      5.3

      https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

      Affected Product Versions:
       All MongoDB C-Driver versions prior to version 1.25.0

      Credit:

      selmelc

      Issue Found:
      External

      Internal Jira reference:
      CDRIVER-4747

            Assignee:
            kevin.albertson@mongodb.com Kevin Albertson
            Reporter:
            karman.liu@mongodb.com Karman Liu