CVE-2024-3374

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions MongoDB Server versions 5.0.0 through 5.0.16 MongoDB Server versions 6.0.0 through 6.0.5

Description An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes.

Recommendations For MongoDB Server versions 5.0.0 through 5.0.16, update to a version later than 5.0.16. For MongoDB Server versions 6.0.0 through 6.0.5, update to a version later than 6.0.5.

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

ALT-PU-2024-8238

ALT-PU-2024-8258

BIT-MONGODB-2024-3374

CVE-2024-3374

Affected Products

Alt Linux

Mongodb Server

Mongodb

CVE-2024-3374

Weakness Enumeration

Related Identifiers

Affected Products

References · 9