5 matches found
CVE-2024-7553
CVE-2024-7553 concerns MongoDB components (Server and relevant drivers) on Windows, due to incorrect validation of files loaded from a local untrusted directory. The flaw can enable local privilege escalation and may cause the application to execute arbitrary behavior based on untrusted file cont...
CVE-2023-0437
The CVE-2023-0437 issue affects the MongoDB C Driver: all versions prior to 1.25.0 are vulnerable due to a loop in bson_utf8_validate that may exit never, potentially causing an infinite loop. This is supported by multiple sources in connected data (MongoDB advisory, Debian/LTS entries, and distr...
CVE-2020-12135
CVE-2020-12135 affects the BSON library prior to 0.8, where many variables and return values use int instead of size_t. The root cause is an integer overflow in bson_ensure_space() when processing crafted input, potentially exploiting bytesNeeded. Public disclosures in multiple advisories (NVD, O...
CVE-2026-4359
MongoDB C driver is affected by CVE-2026-4359: a compromised cloud server or MITM can send a malformed HTTP response that causes a crash in applications using the driver. Affected component: the MongoDB C driver’s HTTP response handling. Root cause: malformed HTTP response handling leading to a c...
CVE-2026-6231
The CVE-2026-6231 issue affects the MongoDB C Driver. The root cause is that the bson_validate function may return early on certain inputs and incorrectly report success, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. Affected products/versions ex...