Mongodb · Mongodb · CVE-2016-3104
**Name of the Vulnerable Software and Affected Versions**
MongoDB versions 2.6, 2.4
**Description**
The issue allows remote attackers to cause a denial of service, resulting in memory consumption and process termination. This occurs when authenticating against a non-existent database, leveraging in-memory database representation.
**Recommendations**
For MongoDB version 2.4, consider upgrading to a version that does not use 2.4-style users to mitigate the risk.
For MongoDB version 2.6, avoid authenticating against non-existent databases as a temporary workaround until a patch is available.