What is the severity of CVE-2023-0437?

CVE-2023-0437 has a moderate severity due to the potential for causing an infinite loop.

How do I fix CVE-2023-0437?

To fix CVE-2023-0437, upgrade to MongoDB C Driver version 1.25.0 or later.

What versions of MongoDB C Driver are affected by CVE-2023-0437?

CVE-2023-0437 affects all versions of MongoDB C Driver prior to version 1.25.0.

What types of inputs trigger the issue in CVE-2023-0437?

CVE-2023-0437 is triggered by certain inputs passed to the bson_utf8_validate function.

Is CVE-2023-0437 exploitable remotely?

CVE-2023-0437 does not indicate remote exploitation potential as it relates to input validation in the C Driver.

Vulnerability/
CVE-2023-0437

high

7.5

CWE

835

12/1/2024

15/8/2024

CVE-2023-0437: MongoDB client C Driver may infinitely loop when validating certain BSON input data

First published: Fri Jan 12 2024(Updated: )

When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.

Credit: cna@mongodb.com

Affected Software	Affected Version	How to fix
MongoDB C Driver	<1.25.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-0437?
CVE-2023-0437 has a moderate severity due to the potential for causing an infinite loop.
How do I fix CVE-2023-0437?
To fix CVE-2023-0437, upgrade to MongoDB C Driver version 1.25.0 or later.
What versions of MongoDB C Driver are affected by CVE-2023-0437?
CVE-2023-0437 affects all versions of MongoDB C Driver prior to version 1.25.0.
What types of inputs trigger the issue in CVE-2023-0437?
CVE-2023-0437 is triggered by certain inputs passed to the bson_utf8_validate function.
Is CVE-2023-0437 exploitable remotely?
CVE-2023-0437 does not indicate remote exploitation potential as it relates to input validation in the C Driver.

agent/weakness
agent/title
agent/author
agent/type
agent/first-publish-date
agent/severity
agent/softwarecombine
agent/description
agent/event
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/mongodb
canonical/mongodb c driver

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2023-0437?
CVE-2023-0437 has a moderate severity due to the potential for causing an infinite loop.
How do I fix CVE-2023-0437?
To fix CVE-2023-0437, upgrade to MongoDB C Driver version 1.25.0 or later.
What versions of MongoDB C Driver are affected by CVE-2023-0437?
CVE-2023-0437 affects all versions of MongoDB C Driver prior to version 1.25.0.
What types of inputs trigger the issue in CVE-2023-0437?
CVE-2023-0437 is triggered by certain inputs passed to the bson_utf8_validate function.
Is CVE-2023-0437 exploitable remotely?
CVE-2023-0437 does not indicate remote exploitation potential as it relates to input validation in the C Driver.