Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 936109 (CVE-2023-0437)

Summary: dev-libs/libbson: bson_utf8_validate on some inputs leads to an infinite loop
Product: Gentoo Security Reporter: Robert Förster <Dessa>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: UNCONFIRMED ---    
Severity: normal CC: ultrabug
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://jira.mongodb.org/browse/CDRIVER-4747
Whiteboard: B3 [ebuild]
Package list:
Runtime testing required: ---

Description Robert Förster 2024-07-15 13:22:57 UTC 
CVE-2023-0437:

When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.