[Integer overflow] bson_utf8_validate

Details

    • Bug
    • Resolution: Fixed
    • Major - P3
    • 1.25.0, 1.24.5
    • None
    • BSON, Security
    • None

    Description

      CVE ID:
      CVE-2023-0437

      Title:

      MongoDB client C-Driver may infinitely loop when validating certain BSON input data

      Description:

      When calling bson_utf8_validate on some inputs, a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects all MongoDB C-Driver versions prior to version 1.25.0.

      CWE:

      CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

      CVSS Score: 

      5.3

      https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

      Affected Product Versions:
       All MongoDB C-Driver versions prior to version 1.25.0

      Credit:

      selmelc

      Issue Found:
      External

      Internal Jira reference:
      CDRIVER-4747

          People

            kevin.albertson@mongodb.com Kevin Albertson
            karman.liu@mongodb.com Karman Liu