  1. Core Server
  2. SERVER-103152

Malformed MongoDB wire protocol messages may cause mongos to crash

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: None
    • Fully Compatible
    • ALL

      CVE ID:

      CVE-2025-3083

      Title:
      Malformed MongoDB wire protocol messages may cause mongos to crash

      Description:
      Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16.

      CVSS Score:

      7.5 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 

      List all affected product versions: 

      MongoDB v5.0 versions prior to 5.0.31

      MongoDB v6.0 versions prior to 6.0.20

      MongoDB v7.0 versions prior to 7.0.16

      CWE:

      CWE-248: Uncaught Exception
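
      A version triage check for the affected ranges listed above, as an added example that is not part of the original issue or MongoDB's own tooling. The host names and inventory are constructed, and treating a pre-release of a fixed version as affected is an assumption.

```python
import re

# First fixed patch release per series, copied from the advisory text above.
FIXED = {(5, 0): 31, (6, 0): 20, (7, 0): 16}

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.\-]+)?$")


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable' for one mongos version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # The advisory names only 5.0, 6.0 and 7.0; report that instead of guessing.
        return "not-listed"
    if patch < fixed_patch:
        return "affected"
    # Assumption: a pre-release tag on the fixed patch (e.g. 7.0.16-rc0) predates it.
    if patch == fixed_patch and m.group(4):
        return "affected"
    return "fixed"


def triage(inventory):
    """Classify each (host, version) pair and list the hosts that need an upgrade."""
    results = {host: classify(ver) for host, ver in inventory}
    needs_upgrade = sorted(h for h, r in results.items() if r == "affected")
    return results, needs_upgrade


# Constructed inventory with hypothetical host names.
SAMPLE = [
    ("mongos-a", "5.0.30"),
    ("mongos-b", "v6.0.20"),
    ("mongos-c", "7.0.16-rc0"),
    ("mongos-d", "8.0.4"),
    ("mongos-e", "7.0.15"),
    ("mongos-f", "unknown"),
]

if __name__ == "__main__":
    results, needs_upgrade = triage(SAMPLE)
    for host, ver in SAMPLE:
        print(f"{host:10} {ver:12} {results[host]}")
    print("upgrade:", ", ".join(needs_upgrade))
```

      Hosts reported as not-listed or unparseable need a manual check, since the advisory text makes no statement about series other than 5.0, 6.0 and 7.0.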

            Assignee:
            karman.liu@mongodb.com Karman Liu
            Reporter:
            karman.liu@mongodb.com Karman Liu
            Votes:
            0
            Watchers:
            2
