Description

In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c.

Remediation

References

CVE-2017-14227

Related Vulnerabilities

RubyGems 7PK - Security Features Vulnerability (CVE-2015-3900)

WebLogic Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-23437)

Python Integer Overflow or Wraparound Vulnerability (CVE-2008-2315)

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4083)

WordPress Plugin Portfolio Gallery-Photo Gallery Cross-Site Scripting (2.2.2)

Severity

High

Classification

CVE-2017-14227 CWE-125 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities