MongoDB client C Driver may infinitely loop when validating certain BSON input data
CVE-2023-0437

7.5HIGH

Key Information:

Vendor: MongoDB
Status: Mongodb C Driver
Vendor: CVE Published:; 12 January 2024

What is CVE-2023-0437?

An issue has been identified within the MongoDB C Driver where the bson_utf8_validate function may enter an infinite loop when processing certain inputs. This situation arises due to a specific exit condition that cannot be met, leading to prolonged resource usage and potential service disruptions. All versions prior to 1.25.0 of the MongoDB C Driver are impacted, necessitating immediate updates to prevent exploitation of this vulnerability.

Affected Version(s)

MongoDB C Driver 1.0.0 < 1.25.0

References

https://jira.mongodb.org/browse/CDRIVER-4747

https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 12, 2024
Vulnerability Reserved
Jan 23, 2023

Credit

selmelc