[GODRIVER-1923] BSON cstrings are not properly validated Created: 16/Mar/21  Updated: 28/Oct/23  Resolved: 29/Mar/21

Status: Closed
Project: Go Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 1.5.1

Type: Bug Priority: Major - P3
Reporter: Divjot Arora (Inactive) Assignee: Divjot Arora (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to GODRIVER-2083 Test serialization of BSON with embed... Closed

 Description   

BSON marshalling functions would incorrectly handle null bytes embedded in BSON key names and the pattern/options fields of a BSON regex value. BSON marshalling functions now correctly validate and error if there is an embedded null byte in BSON key names or the pattern/options fields of a BSON regex value.

CVE ID: CVE-2021-20329

Title: Specific cstrings input may not be properly validated in the MongoDB Go Driver
Description: Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to (and including) 1.5.0.
CVSS score: 6.8
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected products and versions, MongoDB Go Driver versions <= 1.5.0
Underlying operating systems affected: All



 Comments   
Comment by Githook User [ 14/Jun/21 ]

Author:

{'name': 'Isabella Siu', 'email': 'isabella.siu@mongodb.com', 'username': 'iwysiu'}

Message: GODRIVER-1923 Error if BSON cstrings contain null bytes (#622) (#684)

Co-authored-by: Divjot Arora <divjot.arora@10gen.com>
Branch: release/1.3
https://github.com/mongodb/mongo-go-driver/commit/98af5b4c5e755de06855976b05bed45b44b2d24a

Comment by Githook User [ 10/Jun/21 ]

Author:

{'name': 'Divjot Arora', 'email': 'divjot.arora@10gen.com', 'username': 'divjotarora'}

Message: GODRIVER-1923 Error if BSON cstrings contain null bytes (#622)
Branch: release/1.4
https://github.com/mongodb/mongo-go-driver/commit/4436297cc5371974a7f0aa5f0b0474ad2501ca35

Comment by Githook User [ 29/Mar/21 ]

Author:

{'name': 'Divjot Arora', 'email': 'divjot.arora@10gen.com', 'username': 'divjotarora'}

Message: GODRIVER-1923 Error if BSON cstrings contain null bytes (#622)
Branch: release/1.5
https://github.com/mongodb/mongo-go-driver/commit/3a89e6cde18d6ac5d38f39b54eaa8d4e321fd118

Comment by Githook User [ 29/Mar/21 ]

Author:

{'name': 'Divjot Arora', 'email': 'divjot.arora@10gen.com', 'username': 'divjotarora'}

Message: GODRIVER-1923 Error if BSON cstrings contain null bytes (#622)
Branch: master
https://github.com/mongodb/mongo-go-driver/commit/2aca31d5986a9e1c65a92264736de9fdc3b9b4ca

Comment by Divjot Arora (Inactive) [ 25/Mar/21 ]

https://github.com/mongodb/mongo-go-driver/pull/622

Generated at Thu Feb 08 08:37:26 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.