CVE-2023-0437

When calling bsonutf8validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.

Database specific

{
    "cna_assigner": "mongodb",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/0xxx/CVE-2023-0437.json",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "1.0.0"
                },
                {
                    "fixed": "1.25.0"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-835"
    ]
}

References

Affected packages

Git / github.com/mongodb/mongo-c-driver

Affected ranges

Type

GIT

Repo

https://github.com/mongodb/mongo-c-driver

Events

Introduced

Fixed

35fa1539f2420d3613437c11937273e259eff3dd

Database specific

{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.25.0"
        }
    ],
    "cpe": "cpe:2.3:a:mongodb:c_driver:*:*:*:*:*:mongodb:*:*"
}

Affected versions

0.*

0.90.0

0.92.0

0.92.2

0.94.0

0.94.2

0.96.0

0.96.4

0.98.0

0.98.2

1.*

1.0.0

1.0.2

1.1.0

1.1.0-rc0

1.1.10

1.1.11

1.1.2

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.11.0

1.3.0

1.3.0-rc0

1.4.0-beta1

1.5.0-rc0

1.5.0-rc1

1.5.0-rc2

1.5.0-rc3

1.5.0-rc4

1.6.0

1.6.0-rc0

1.7.0-rc0

1.9.0-rc0

1.9.0-rc1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0437.json"