MongoDB · MongoDB Server · CVE-2019-20925
**Name of the Vulnerable Software and Affected Versions**
MongoDB Server versions prior to 4.2.1
MongoDB Server versions prior to 4.0.13
MongoDB Server versions prior to 3.6.15
MongoDB Server versions prior to 3.4.24
**Description**
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory.
**Recommendations**
For MongoDB Server versions prior to 4.2.1, update to version 4.2.1 or later.
For MongoDB Server versions prior to 4.0.13, update to version 4.0.13 or later.
For MongoDB Server versions prior to 3.6.15, update to version 3.6.15 or later.
For MongoDB Server versions prior to 3.4.24, update to version 3.4.24 or later.
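
The following version check is an added example, not part of the advisory or of MongoDB's own tooling. It flags inventory entries that fall below the fixed releases listed above. Assumptions: the input is the first line of `mongod --version` output, the host names are hypothetical, a release series the advisory does not list is judged against the next higher listed series, and pre-release builds count as prior to the release of the same number.

```python
import re

# Fixed releases per series, from the advisory's Recommendations (ascending).
FIXED = [(3, 4, 24), (3, 6, 15), (4, 0, 13), (4, 2, 1)]
_VERSION = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?")

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) from e.g. 'db version v4.0.12'."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no MongoDB version found in {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4) is not None

def is_affected(text):
    """True if the version is prior to the fixed release covering its series.

    Assumption (not stated by the advisory): an unlisted series such as 3.2
    or 4.1 is compared with the next higher listed series, and any series
    newer than 4.2 is treated as fixed. A pre-release build such as
    4.2.1-rc0 counts as prior to 4.2.1.
    """
    version, prerelease = parse_version(text)
    for fix in FIXED:
        if version[:2] <= fix[:2]:
            return version < fix or (version == fix and prerelease)
    return False

def triage(inventory):
    """Map host -> 'AFFECTED' / 'ok' / 'unparsed' for (host, version_line) pairs."""
    report = {}
    for host, line in inventory:
        try:
            report[host] = "AFFECTED" if is_affected(line) else "ok"
        except ValueError:
            report[host] = "unparsed"
    return report

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    ("db-a", "db version v4.2.0"),
    ("db-b", "db version v4.2.1"),
    ("db-c", "db version v4.0.12"),
    ("db-d", "db version v3.6.15"),
    ("db-e", "db version v3.2.22"),
    ("db-f", "version unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Entries reported as `unparsed` need manual review rather than being assumed safe.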