CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0437 – MongoDB client C Driver may infinitely loop when validating certain BSON input data
https://notcve.org/view.php?id=CVE-2023-0437
12 Jan 2024 — When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0. Al llamar a bson_utf8_validate en algunas entradas puede ocurrir un bucle con una condición de salida que no se puede alcanzar, es decir, un bucle infinito. Este problema afecta a All MongoDB C Driver anteriores a la versión 1.25.0. When calling bson_utf8_validate on some inputs a loop with an exit con... • https://jira.mongodb.org/browse/CDRIVER-4747 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-32050 – Some MongoDB Drivers may publish events containing authentication-related data to a command listener configured by an application
https://notcve.org/view.php?id=CVE-2021-32050
29 Aug 2023 — Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects ... • https://jira.mongodb.org/browse/CDRIVER-3797 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-12135 – Ubuntu Security Notice USN-4450-1
https://notcve.org/view.php?id=CVE-2020-12135
24 Apr 2020 — bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input. bson en versiones anteriores a la 0.8 usa incorrectamente int en lugar de size_t para muchas variables, parámetros y valores de retorno. En particular, el parámetro bson_ensure_space () bytesNeeded podría tener un desbordamiento de enteros a través de una entrada bson constru... • https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560 • CWE-190: Integer Overflow or Wraparound •