Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 7.0.0-rc0, 6.0.6, 5.0.17, 6.3.2
Affects Version/s: None
Component/s: None
Labels:
- repl-shortlist

Assigned Teams:

Replication
Backwards Compatibility:
Minor Change
Operating System:
ALL
Backport Requested:

v6.3, v6.0, v5.0
Sprint:
Repl 2023-04-17
Linked BF Score:
64
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

CVE ID:
CVE-2024-3374

Title:
MongoDB Server (mongod) may crash when generating ftdc

Description:
An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.

CVSS Score:
5.3 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

List all affected product versions:
MongoDB Server v5.0 versions prior to and including 5.0.16

MongoDB Server v6.0 versions prior to and including 6.0.5

CWE:

CWE-617: Reachable Assertion

related to

SERVER-41185 Make ftdc failures process fatal

Closed

Assignee:: Moustafa Maher

Reporter:: Judah Schvimer

Participants:: Githook User, Judah Schvimer, Moustafa Maher

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: Apr 03 2023 04:02:13 PM UTC

Updated:: May 14 2024 01:26:46 PM UTC

Resolved:: Apr 06 2023 02:46:35 PM UTC

Confidence Status Last Update:: 04/Apr/23 6:33 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates