8 matches found
CVE-2021-32050
CVE-2021-32050 concerns MongoDB drivers that may publish authentication-related data to a configurable command listener, risking exposure of sensitive information when specific authentication commands execute. The issue affects multiple drivers to varying versions (e.g., C Driver <1.17.7, PHP ...
CVE-2024-7553
CVE-2024-7553 concerns MongoDB components (Server and relevant drivers) on Windows, due to incorrect validation of files loaded from a local untrusted directory. The flaw can enable local privilege escalation and may cause the application to execute arbitrary behavior based on untrusted file cont...
CVE-2023-0437
The CVE-2023-0437 issue affects the MongoDB C Driver: all versions prior to 1.25.0 are vulnerable due to a loop in bson_utf8_validate that may exit never, potentially causing an infinite loop. This is supported by multiple sources in connected data (MongoDB advisory, Debian/LTS entries, and distr...
CVE-2020-12135
CVE-2020-12135 affects the BSON library prior to 0.8, where many variables and return values use int instead of size_t. The root cause is an integer overflow in bson_ensure_space() when processing crafted input, potentially exploiting bytesNeeded. Public disclosures in multiple advisories (NVD, O...
CVE-2026-6691
CVE-2026-6691 affects the MongoDB C Driver Cyrus SASL integration. The issue is unsafe string copying during username canonicalization, leading to a heap buffer overflow before any authentication or network traffic. The vulnerability can be triggered by untrusted input in the username of a MongoD...
CVE-2026-4359
MongoDB C driver is affected by CVE-2026-4359: a compromised cloud server or MITM can send a malformed HTTP response that causes a crash in applications using the driver. Affected component: the MongoDB C driver’s HTTP response handling. Root cause: malformed HTTP response handling leading to a c...
CVE-2026-6231
The CVE-2026-6231 issue affects the MongoDB C Driver. The root cause is that the bson_validate function may return early on certain inputs and incorrectly report success, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. Affected products/versions ex...
CVE-2025-12119
CVE-2025-12119 affects the MongoDB C driver: when using a bulk operation, mongoc_bulk_operation_t may read invalid memory if large options are passed. Connected advisories confirm the issue in the mongo-c-driver and reference Debian’s fix in version 1.17.6-1+deb11u2 for bullseye. Other listings (...