Lucene search
+L

5 matches found

CVE
CVE
added 2024/08/07 9:57 a.m.107 views

CVE-2024-7553

CVE-2024-7553 concerns MongoDB components (Server and relevant drivers) on Windows, due to incorrect validation of files loaded from a local untrusted directory. The flaw can enable local privilege escalation and may cause the application to execute arbitrary behavior based on untrusted file cont...

7.8CVSS7.3AI score0.0026EPSS
CVE
CVE
added 2024/01/12 1:33 p.m.86 views

CVE-2023-0437

The CVE-2023-0437 issue affects the MongoDB C Driver: all versions prior to 1.25.0 are vulnerable due to a loop in bson_utf8_validate that may exit never, potentially causing an infinite loop. This is supported by multiple sources in connected data (MongoDB advisory, Debian/LTS entries, and distr...

7.5CVSS6AI score0.01103EPSS
CVE
CVE
added 2020/04/24 12:31 a.m.64 views

CVE-2020-12135

CVE-2020-12135 affects the BSON library prior to 0.8, where many variables and return values use int instead of size_t. The root cause is an integer overflow in bson_ensure_space() when processing crafted input, potentially exploiting bytesNeeded. Public disclosures in multiple advisories (NVD, O...

5.5CVSS5.5AI score0.01165EPSS
CVE
CVE
added 2026/03/17 7:42 p.m.42 views

CVE-2026-4359

MongoDB C driver is affected by CVE-2026-4359: a compromised cloud server or MITM can send a malformed HTTP response that causes a crash in applications using the driver. Affected component: the MongoDB C driver’s HTTP response handling. Root cause: malformed HTTP response handling leading to a c...

3.7CVSS5.8AI score0.00187EPSS
CVE
CVE
added 2026/04/13 3:31 p.m.26 views

CVE-2026-6231

The CVE-2026-6231 issue affects the MongoDB C Driver. The root cause is that the bson_validate function may return early on certain inputs and incorrectly report success, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. Affected products/versions ex...

7.5CVSS5.8AI score0.00184EPSS