MongoDB client C Driver may infinitely loop when validating certain BSON input data
CVE-2023-0437

5.3 MEDIUM

Key Information:

Vendor: MongoDB
CVE Published: 12 January 2024

Summary

The bson_utf8_validate function in the MongoDB C Driver may enter an infinite loop when processing certain inputs. For those inputs the loop's exit condition can never be met, so the call does not return, leading to prolonged resource usage and potential service disruption. All versions of the MongoDB C Driver prior to 1.25.0 are affected; update to 1.25.0 or later.

Affected Version(s)

MongoDB C Driver 1.0.0 < 1.25.0

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

selmelc