-
Type:
Bug
-
Resolution: Duplicate
-
Priority:
Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
None
-
ALL
-
None
-
3
-
TBD
-
None
-
None
-
None
-
None
-
None
-
None
-
None
CVE ID:
CVE-2025-6714
Title:
Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections
Description:
MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9
CVSS Score:
7.5 - https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
CWE-834 Excessive Iteration AND
CWE-400 Uncontrolled Resource Consumption
Affected Product Versions:
MongoDB Server v6.0 prior to 6.0.23
MongoDB Server v7.0 prior to 7.0.20
MongoDB Server v8.0 prior to 8.0.9
Required Configuration:
This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports.