Core Server / SERVER-17264

improve bson validation

      Issue Status as of Feb 17, 2015

      ISSUE SUMMARY
      The mongod server fails to validate some cases of malformed BSON. This failure occurs pre-authentication.

      USER IMPACT
      A specially crafted, malformed BSON message may trigger an uncaught exception in the server, resulting in a loss of availability.

      WORKAROUNDS
      There are no workarounds for this issue.

      AFFECTED VERSIONS
      All MongoDB production releases up to 2.6.7 are affected by this issue.

      FIX VERSION
      The fix is included in the 2.4.13 and 2.6.8 production releases.
      CVE-2015-1609 has been assigned to this issue.

      RESOLUTION DETAILS
      Reject malformed BSON data.

      ADDITIONAL NOTES
      Users may reduce their exposure by limiting network access to the server. See the MongoDB Security documentation page for more information on recommended security practices for your MongoDB deployment. This vulnerability was discovered by Xiaopeng Zhang of Fortinet's FortiGuard Labs and responsibly disclosed to MongoDB, Inc.
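To illustrate the resolution above ("Reject malformed BSON data"), here is an added example of a structural check that refuses a BSON buffer before any field is read. It is not MongoDB's fix and not code from this ticket, which does not say which malformed cases were affected. The names `validateBson`, `readLE32` and `kMaxDepth` are hypothetical, the nesting cap is an assumed value, and only a subset of element types is handled (all others are rejected).

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>

static const int kMaxDepth = 32;  // assumed nesting cap, chosen for this example

// Little-endian int32 at p; the caller guarantees 4 readable bytes.
static int32_t readLE32(const uint8_t* p) {
    return static_cast<int32_t>(uint32_t(p[0]) | uint32_t(p[1]) << 8 |
                                uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24);
}

// True only if buf[0, len) is exactly one structurally valid BSON document.
bool validateBson(const uint8_t* buf, size_t len, int depth = 0) {
    if (depth > kMaxDepth || len < 5) return false;       // smallest doc: int32 + 0x00
    int32_t declared = readLE32(buf);
    if (declared < 5 || static_cast<size_t>(declared) != len) return false;
    if (buf[len - 1] != 0x00) return false;               // document terminator
    size_t pos = 4, end = len - 1;                        // elements occupy [4, end)
    while (pos < end) {
        uint8_t type = buf[pos++];
        const void* nul = std::memchr(buf + pos, 0, end - pos);  // name must end in doc
        if (!nul) return false;
        pos = static_cast<size_t>(static_cast<const uint8_t*>(nul) - buf) + 1;
        size_t left = end - pos, need = 0;
        switch (type) {
            case 0x01: case 0x12: need = 8; break;        // double, int64
            case 0x10: need = 4; break;                   // int32
            case 0x08: need = 1; break;                   // bool
            case 0x0A: break;                             // null
            case 0x02: case 0x03: case 0x04: {            // string, document, array
                int32_t n = left < 5 ? 0 : readLE32(buf + pos);  // untrusted length
                if (n < 1) return false;
                need = static_cast<size_t>(n) + (type == 0x02 ? 4 : 0);
                if (need > left) return false;
                if (type == 0x02 ? buf[pos + need - 1] != 0x00
                                 : !validateBson(buf + pos, need, depth + 1)) return false;
                break;
            }
            default: return false;                        // outside this example's subset
        }
        if (need > left || (type == 0x08 && buf[pos] > 1)) return false;
        pos += need;
    }
    return true;
}

int main() {  // constructed samples: {"a": 1}, then the same bytes with an inflated length
    uint8_t ok[] = {12,0,0,0, 0x10,'a',0, 1,0,0,0, 0};
    uint8_t bad[] = {64,0,0,0, 0x10,'a',0, 1,0,0,0, 0};
    std::printf("ok=%d bad=%d\n", validateBson(ok, sizeof ok), validateBson(bad, sizeof bad));
}
```

Every length field is compared against the bytes actually remaining before it is used, so a bad length yields a `false` return instead of an out-of-bounds read or an exception further down the parser.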

            Assignee: Eliot Horowitz (Inactive)
            Reporter: Eliot Horowitz (Inactive)