MongoDB Inc MongoDB C Driver vulnerabilities

5 known vulnerabilities affecting mongodb_inc/mongodb_c_driver.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 1, LOW 1

Vulnerabilities

CVE-2026-4359 | LOW | CVSS 2.0 | fixed in 2.2.3 | 2026-03-17
CVE-2026-4359 [LOW] CWE-158: A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.
Sources: cvelistv5, nvd
CVE-2024-7553 | HIGH | CVSS 7.8 | fixed in 1.26.2 | 2024-08-07
CVE-2024-7553 [HIGH] CWE-284: Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 ver
Sources: cvelistv5, nvd
CVE-2023-0437 | HIGH | CVSS 7.5 | ≥ 1.0.0, < 1.25.0 | 2024-01-12
CVE-2023-0437 [HIGH] CWE-835: When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects all MongoDB C Driver versions prior to 1.25.0.
Sources: cvelistv5, nvd
CVE-2021-32050 | HIGH | CVSS 7.5 | ≥ 1.0.0, < 1.17.7 | 2023-08-29
CVE-2021-32050 [HIGH] CWE-200: Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may inadvertently expose this sensitive information, e.g.,
Sources: cvelistv5, nvd
CVE-2021-20331 | MEDIUM | CVSS 4.9 | ≥ 2.12, ≤ 2.12.1 | 2021-05-13
CVE-2021-20331 [MEDIUM] CWE-200: Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser", and "updateUser" are executed. Without due care, an
Sources: cvelistv5, nvd