Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
bson_validate may skip validation when processing certain inputs
Vulnerability Description
The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that rely on these functions to validate untrusted BSON data before further processing. This issue affects MongoDB C Driver versions prior to 1.30.5, MongoDB C Driver version 2.0.0 and MongoDB C Driver version 2.0.1
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
MongoDB C Driver 安全漏洞
Vulnerability Description
MongoDB C Driver是MongoDB开源的一个用于在C语言程序中连接和操作MongoDB数据库的客户端驱动库。 MongoDB C Driver 1.30.5之前版本、2.0.0版本和2.0.1版本存在安全漏洞,该漏洞源于bson_validate函数可能提前返回并错误报告成功,导致跳过BSON数据验证,可能允许处理格式错误或无效的UTF-8序列。
CVSS Information
N/A
Vulnerability Type
N/A