Vulnerabilities > CVE-2023-0437 - Infinite Loop vulnerability in Mongodb C Driver

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

mongodb

CWE-835

NVD

Published: 2024-01-12

Updated: 2024-01-24

Summary

When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.

Vulnerable Configurations

Part	Description	Count
Application	Mongodb Mongodb C Driver 0.1 Mongodb C Driver 0.2 Mongodb C Driver 0.3 Mongodb C Driver 0.3.1 Mongodb C Driver 0.4 Mongodb C Driver 0.5 Mongodb C Driver 0.5.1 Mongodb C Driver 0.5.2 Mongodb C Driver 0.6 Mongodb C Driver 0.7 Mongodb C Driver 0.7.1 Mongodb C Driver 0.8 Mongodb C Driver 0.8.1 Mongodb C Driver 0.90.0 Mongodb C Driver 0.92.0 Mongodb C Driver 0.92.2 Mongodb C Driver 0.94.0 Mongodb C Driver 0.94.2 Mongodb C Driver 0.96.0 Mongodb C Driver 0.96.2 Mongodb C Driver 0.96.4 Mongodb C Driver 0.98.0 Mongodb C Driver 0.98.2 Mongodb C Driver 1.0.0 Mongodb C Driver 1.0.2 Mongodb C Driver 1.1.0 Mongodb C Driver 1.1.2 Mongodb C Driver 1.1.4 Mongodb C Driver 1.1.5 Mongodb C Driver 1.1.6 Mongodb C Driver 1.1.7 Mongodb C Driver 1.1.8 Mongodb C Driver 1.1.9 Mongodb C Driver 1.1.10 Mongodb C Driver 1.1.11 Mongodb C Driver 1.2.0 Mongodb C Driver 1.2.1 Mongodb C Driver 1.2.2 Mongodb C Driver 1.2.3 Mongodb C Driver 1.2.4 Mongodb C Driver 1.3.0 Mongodb C Driver 1.3.1 Mongodb C Driver 1.3.2 Mongodb C Driver 1.3.3 Mongodb C Driver 1.3.4 Mongodb C Driver 1.3.5 Mongodb C Driver 1.3.6 Mongodb C Driver 1.4.0 Mongodb C Driver 1.4.1 Mongodb C Driver 1.4.2 Mongodb C Driver 1.4.3 Mongodb C Driver 1.5.0 Mongodb C Driver 1.5.1 Mongodb C Driver 1.5.2 Mongodb C Driver 1.5.3 Mongodb C Driver 1.5.4 Mongodb C Driver 1.5.5 Mongodb C Driver 1.6.0 Mongodb C Driver 1.6.1 Mongodb C Driver 1.6.2 Mongodb C Driver 1.6.3 Mongodb C Driver 1.7.0 Mongodb C Driver 1.8.0 Mongodb C Driver 1.8.1 Mongodb C Driver 1.8.2 Mongodb C Driver 1.9.0 Mongodb C Driver 1.9.1 Mongodb C Driver 1.9.2 Mongodb C Driver 1.9.3 Mongodb C Driver 1.9.4 Mongodb C Driver 1.9.5 Mongodb C Driver 1.10.0 Mongodb C Driver 1.10.1 Mongodb C Driver 1.10.2 Mongodb C Driver 1.10.3 Mongodb C Driver 1.11.0 Mongodb C Driver 1.12.0 Mongodb C Driver 1.13.0 Mongodb C Driver 1.13.1 Mongodb C Driver 1.14.0 Mongodb C Driver 1.14.1 Mongodb C Driver 1.15.0 Mongodb C Driver 1.15.1 Mongodb C Driver 1.15.2 Mongodb C Driver 1.15.3 Mongodb C Driver 1.16.0 Mongodb C Driver 1.16.1 Mongodb C Driver 1.16.2 Mongodb C Driver 1.17.0 Mongodb C Driver 1.17.1 Mongodb C Driver 1.17.2 Mongodb C Driver 1.17.3 Mongodb C Driver 1.17.4 Mongodb C Driver 1.17.5 Mongodb C Driver 1.18.0	120

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References