CVE-2023-0437 – MongoDB client C Driver may infinitely loop when validating certain BSON input data
https://notcve.org/view.php?id=CVE-2023-0437
When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0. Al llamar a bson_utf8_validate en algunas entradas puede ocurrir un bucle con una condición de salida que no se puede alcanzar, es decir, un bucle infinito. Este problema afecta a All MongoDB C Driver anteriores a la versión 1.25.0. • https://jira.mongodb.org/browse/CDRIVER-4747 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GUVOAFZFSYTNBF6R7H4XJM5DHWBRQ6P • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2021-32050 – Some MongoDB Drivers may publish events containing authentication-related data to a command listener configured by an application
https://notcve.org/view.php?id=CVE-2021-32050
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0). • https://jira.mongodb.org/browse/CDRIVER-3797 https://jira.mongodb.org/browse/CXX-2028 https://jira.mongodb.org/browse/NODE-3356 https://jira.mongodb.org/browse/PHPC-1869 https://jira.mongodb.org/browse/SWIFT-1229 https://security.netapp.com/advisory/ntap-20231006-0001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2020-12135
https://notcve.org/view.php?id=CVE-2020-12135
bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input. bson en versiones anteriores a la 0.8 usa incorrectamente int en lugar de size_t para muchas variables, parámetros y valores de retorno. En particular, el parámetro bson_ensure_space () bytesNeeded podría tener un desbordamiento de enteros a través de una entrada bson construida correctamente. • https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560 https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca#diff-f7d29a680148f52d6601f59ed787f577 https://launchpadlibrarian.net/474887364/bson-fix-overflow.patch https://usn.ubuntu.com/4450-1 • CWE-190: Integer Overflow or Wraparound •