Bug 936109 (CVE-2023-0437) - <dev-libs/libbson-2.24.4-r1: bson_utf8_validate on some inputs leads to an infinite loop
Status: UNCONFIRMED
Alias: CVE-2023-0437
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://jira.mongodb.org/browse/CDRIV...
Whiteboard: B3 [stable?]
Keywords:
Depends on:
Blocks:
 
Reported: 2024-07-15 13:22 UTC by Robert Förster
Modified: 2025-04-10 14:28 UTC

See Also:
Package list:
Runtime testing required: ---


Description Robert Förster 2024-07-15 13:22:57 UTC
CVE-2023-0437:

When calling bson_utf8_validate on some inputs, a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects all MongoDB C Driver versions prior to version 1.25.0.
Comment 1 Larry the Git Cow gentoo-dev 2025-04-10 08:37:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4010a3464c1b2de50164fb7bc551903f10016b3

commit e4010a3464c1b2de50164fb7bc551903f10016b3
Author:     Robert Förster <Dessa@gmake.de>
AuthorDate: 2025-04-07 19:45:29 +0000
Commit:     Alexys Jacob <ultrabug@gentoo.org>
CommitDate: 2025-04-10 08:37:40 +0000

    dev-libs/libbson: add fix for CVE-2023-0437, add proper python dep for sphinx
    
    Closes: https://bugs.gentoo.org/639540
    Closes: https://bugs.gentoo.org/721170
    Closes: https://bugs.gentoo.org/921953
    Bug: https://bugs.gentoo.org/936109
    Signed-off-by: Robert Förster <Dessa@gmake.de>
    Signed-off-by: Alexys Jacob <ultrabug@gentoo.org>

 dev-libs/libbson/Manifest                          |  1 +
 .../files/libbson-1.24.4-CVE-2023-0437.patch       | 25 +++++++++
 dev-libs/libbson/libbson-1.24.4-r1.ebuild          | 64 ++++++++++++++++++++++
 dev-libs/libbson/metadata.xml                      |  1 +
 4 files changed, 91 insertions(+)