CVE-2024-10921

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 5.0.30 MongoDB Server versions prior to 6.0.19 MongoDB Server versions prior to 7.0.15 MongoDB Server versions prior to and including 8.0.2

Description: The issue is related to the construction of malformed BSON in the MongoDB Server, which can be triggered by authorized users issuing specially crafted requests. This can lead to crashes or the exposure of Server memory contents due to buffer over-reads. The vulnerability may allow a remote attacker to gain unauthorized access to protected information or cause a denial of service by sending specially crafted requests.

Recommendations: For MongoDB Server versions prior to 5.0.30, update to version 5.0.30 or later. For MongoDB Server versions prior to 6.0.19, update to version 6.0.19 or later. For MongoDB Server versions prior to 7.0.15, update to version 7.0.15 or later. For MongoDB Server versions prior to and including 8.0.2, update to a version later than 8.0.2.