Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections


    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: None

      CVE ID:
      CVE-2025-6714

      Title:

      Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections

      Description:

      MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9.

      CVSS Score:

      7.5 - https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 

      CWE:

      CWE-834 Excessive Iteration AND

      CWE-400 Uncontrolled Resource Consumption 

      Affected Product Versions:
      MongoDB Server v6.0 prior to 6.0.23

      MongoDB Server v7.0 prior to 7.0.20

      MongoDB Server v8.0 prior to 8.0.9 

      Required Configuration:

      This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.
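
A triage sketch for the affected-version and required-configuration statements above, added here as an example and not taken from MongoDB's code or tooling. The inventory line format (`<host> <version> lb=on|off`), the status labels and the treatment of release-candidate suffixes are assumptions of this example.

```python
import re

# Fixed patch release per branch, from the advisory text above.
FIXED_PATCH = {(6, 0): 23, (7, 0): 20, (8, 0): 9}
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?$")

def triage(version, lb_support):
    """Classify one mongos instance; status labels are this example's own."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "branch-not-listed"      # advisory is silent on this branch
    if patch > fixed:
        return "fixed"
    if patch == fixed:
        # A suffix such as -rc0 marks a build cut before the final release;
        # the advisory does not say whether it carries the fix (assumption).
        return "verify-prerelease" if m.group(4) else "fixed"
    # Version is prior to the fix; exposure also needs load balancer support.
    return "affected" if lb_support else "version-affected-lb-off"

def triage_inventory(text):
    """Parse constructed inventory lines: '<host> <version> lb=on|off'."""
    results = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[2] not in ("lb=on", "lb=off"):
            continue                    # skip blank or malformed lines
        host, version, lb = fields
        results[host] = triage(version, lb == "lb=on")
    return results

# Constructed sample inventory, not real hosts.
SAMPLE = """\
mongos-a 6.0.22 lb=on
mongos-b v7.0.20 lb=on
mongos-c 8.0.9-rc0 lb=on
mongos-d 8.0.8 lb=off
mongos-e 5.0.30 lb=on
"""

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `version-affected-lb-off` still run a release prior to the fix and become exposed if load balancer support is enabled later.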

            Assignee:
            Unassigned
            Reporter:
            Karman Liu
            Votes:
            0
            Watchers:
            3
