Lucene search
K
MongodbC Driver

8 matches found

CVE
CVE
added 2023/08/29 3:24 p.m.124 views

CVE-2021-32050

CVE-2021-32050 concerns MongoDB drivers that may publish authentication-related data to a configurable command listener, risking exposure of sensitive information when specific authentication commands execute. The issue affects multiple drivers to varying versions (e.g., C Driver <1.17.7, PHP ...

7.5CVSS5.9AI score0.00492EPSS
CVE
CVE
added 2024/08/07 9:57 a.m.104 views

CVE-2024-7553

CVE-2024-7553 concerns MongoDB components (Server and relevant drivers) on Windows, due to incorrect validation of files loaded from a local untrusted directory. The flaw can enable local privilege escalation and may cause the application to execute arbitrary behavior based on untrusted file cont...

7.8CVSS7.3AI score0.0026EPSS
CVE
CVE
added 2024/01/12 1:33 p.m.83 views

CVE-2023-0437

The CVE-2023-0437 issue affects the MongoDB C Driver: all versions prior to 1.25.0 are vulnerable due to a loop in bson_utf8_validate that may exit never, potentially causing an infinite loop. This is supported by multiple sources in connected data (MongoDB advisory, Debian/LTS entries, and distr...

7.5CVSS6AI score0.01103EPSS
CVE
CVE
added 2020/04/24 12:31 a.m.63 views

CVE-2020-12135

CVE-2020-12135 affects the BSON library prior to 0.8, where many variables and return values use int instead of size_t. The root cause is an integer overflow in bson_ensure_space() when processing crafted input, potentially exploiting bytesNeeded. Public disclosures in multiple advisories (NVD, O...

5.5CVSS5.5AI score0.01165EPSS
CVE
CVE
added 2026/05/06 3:8 p.m.25 views

CVE-2026-6691

CVE-2026-6691 affects the MongoDB C Driver Cyrus SASL integration. The issue is unsafe string copying during username canonicalization, leading to a heap buffer overflow before any authentication or network traffic. The vulnerability can be triggered by untrusted input in the username of a MongoD...

8.6CVSS5.9AI score0.00126EPSS
CVE
CVE
added 2026/03/17 7:42 p.m.23 views

CVE-2026-4359

MongoDB C driver is affected by CVE-2026-4359: a compromised cloud server or MITM can send a malformed HTTP response that causes a crash in applications using the driver. Affected component: the MongoDB C driver’s HTTP response handling. Root cause: malformed HTTP response handling leading to a c...

3.7CVSS5.8AI score0.00187EPSS
CVE
CVE
added 2026/04/13 3:31 p.m.23 views

CVE-2026-6231

The CVE-2026-6231 issue affects the MongoDB C Driver. The root cause is that the bson_validate function may return early on certain inputs and incorrectly report success, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. Affected products/versions ex...

7.5CVSS5.8AI score0.00184EPSS
CVE
CVE
added 2025/11/18 8:21 p.m.21 views

CVE-2025-12119

CVE-2025-12119 affects the MongoDB C driver: when using a bulk operation, mongoc_bulk_operation_t may read invalid memory if large options are passed. Connected advisories confirm the issue in the mongo-c-driver and reference Debian’s fix in version 1.17.6-1+deb11u2 for bullseye. Other listings (...

6.9CVSS6.5AI score0.0019EPSS