CVE-2023-0437

low-risk
Published 2024-01-12

When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

C Driver

Affected Vendors

Mongodb

References (6)

Issue Tracking https://jira.mongodb.org/browse/CDRIVER-4747
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Issue Tracking https://jira.mongodb.org/browse/CDRIVER-4747
https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
26
/ 100
low-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal