936109 – (CVE-2023-0437) dev-libs/libbson: bson_utf8_validate on some inputs leads to an infinite loop

Bug 936109 (CVE-2023-0437) - dev-libs/libbson: bson_utf8_validate on some inputs leads to an infinite loop

Summary: dev-libs/libbson: bson_utf8_validate on some inputs leads to an infinite loop

Status:	UNCONFIRMED

Alias:	CVE-2023-0437

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://jira.mongodb.org/browse/CDRIV...
Whiteboard:	B3 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2024-07-15 13:22 UTC by Robert Förster
Modified:	2024-07-16 04:44 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Förster 2024-07-15 13:22:57 UTC

CVE-2023-0437:

When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.