Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

CVE ID:

CVE-2025-3083

Title:
Malformed MongoDB wire protocol messages may cause mongos to crash

Description:
Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to
6.0.20 and MongoDB v7.0 versions prior to 7.0.16

CVSS Score:

7.5 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

List all affected product versions:

MongoDB v5.0 versions prior to 5.0.31

MongoDB v6.0 versions prior to 6.0.20

MongoDB v7.0 versions prior to 7.0.16

CWE:

CWE-248: Uncaught Exception

Assignee:: Karman Liu

Reporter:: Karman Liu

Participants:: Karman Liu

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: Apr 01 2025 09:01:35 AM UTC

Updated:: Apr 01 2025 11:12:12 AM UTC

Resolved:: Apr 01 2025 09:02:23 AM UTC

GA Target Date:: None

Public Preview Target Date:: None

Private Preview Target Date:: None

Experiment Target Date:: None

Details

Description

Attachments

Activity

People

Dates