Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-0437
HistoryJan 12, 2024 - 2:15 p.m.

CVE-2023-0437

2024-01-1214:15:47
CWE-835
[email protected]
web.nvd.nist.gov
16
cve
2023
0437
mongodb
c driver
security
validation
loop

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

When calling bson_utf8_validateΒ on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.

Affected configurations

NVD
Node
mongodbc_driverRange<1.25.0mongodb

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB C Driver",
    "vendor": "MongoDB Inc",
    "versions": [
      {
        "lessThan": "1.25.0",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
veracode 1
prion 1
alpinelinux 1
openvas 1
nessus 1
fedora 1
ubuntucve 1
mongodb 1
debiancve 1
redos 1
osv 1
cvelist 1
nvd
nvd
CVE-2023-0437
2024-01-12 14:15:47
veracode
veracode
Infinite Loop
2024-02-12 17:32:39
prion
prion
Design/Logic Flaw
2024-01-12 14:15:00
alpinelinux
alpinelinux
CVE-2023-0437
2024-01-12 14:15:47
openvas
openvas
Fedora: Security Advisory for mongo-c-driver (FEDORA-2024-fb4958e901)
2024-01-24 00:00:00
nessus
nessus
Fedora 38 : mongo-c-driver (2024-fb4958e901)
2024-01-23 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: mongo-c-driver-1.24.3-2.fc38
2024-01-24 01:33:23
ubuntucve
ubuntucve
CVE-2023-0437
2024-01-12 00:00:00
mongodb
mongodb
MongoDB client C Driver may infinitely loop when validating certain BSON input data
2024-01-12 14:13:00
debiancve
debiancve
CVE-2023-0437
2024-01-12 14:15:47
redos
redos
ROS-20240411-03
2024-04-11 00:00:00
osv
osv
CVE-2023-0437
2024-01-12 14:15:47
cvelist
cvelist
CVE-2023-0437 MongoDB client C Driver may infinitely loop when validating certain BSON input data
2024-01-12 13:33:39

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON
Related for CVE-2023-0437
nvd1veracode1prion1alpinelinux1openvas1nessus1fedora1ubuntucve1mongodb1debiancve1redos1osv1cvelist1