[CDRIVER-4747] [Integer overflow] bson_utf8_validate Created: 26/Oct/23 Updated: 24/Jan/24 Resolved: 30/Oct/23 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | BSON, Security |
| Affects Version/s: | None |
| Fix Version/s: | 1.25.0, 1.24.5 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Karman Liu | Assignee: | Kevin Albertson |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Description |
|
CVE ID:
Title: MongoDB client C-Driver may infinitely loop when validating certain BSON input data
Description: When calling bson_utf8_validate on some inputs, a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects all MongoDB C-Driver versions prior to version 1.25.0.
CWE: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS Score: 5.3 https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Product Versions:
Credit: selmelc
Issue Found: Internal
Jira reference: |
| Comments |
| Comment by Githook User [ 30/Oct/23 ] |
|
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}
Message: |
| Comment by Githook User [ 30/Oct/23 ] |
|
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}
Message: |