PT-2024-2760 · Mongodb+3 · Mongodb C Driver+3

Karman Liu

Published

2024-01-12

Updated

2025-09-03

CVE-2023-0437

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions MongoDB C Driver versions prior to 1.25.0

Description The issue is related to the bson utf8 validate() function in the MongoDB C Driver, which can cause an infinite loop when called with certain inputs. This may allow a remote attacker to cause a denial of service.

Recommendations For MongoDB C Driver versions prior to 1.25.0, update to version 1.25.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the bson utf8 validate() function until a patch is available.

Fix

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

BDU:2024-02893

CVE-2023-0437

DLA-4160-1

DLA-4175-1

OESA-2024-1076

Affected Products

Astra Linux

Debian

Mongodb C Driver

Red Os

PT-2024-2760 · Mongodb+3 · Mongodb C Driver+3

CVE-2023-0437

Weakness Enumeration

Related Identifiers

Affected Products

References · 33