Core Server / SERVER-75601

Make serverStatus apiversion field more robust

    • Replication
    • Minor Change
    • ALL
    • v6.3, v6.0, v5.0
    • Repl 2023-04-17
    • 64

      CVE ID:
      CVE-2024-3374

      Title:
      MongoDB Server (mongod) may crash when generating ftdc

      Description:
      An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.

      CVSS Score:
      5.3 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

      List all affected product versions:
      MongoDB Server v5.0 versions prior to and including 5.0.16

      MongoDB Server v6.0 versions prior to and including 6.0.5

      CWE:
      CWE-617: Reachable Assertion

            Assignee:
            m.maher@mongodb.com Moustafa Maher
            Reporter:
            judah.schvimer@mongodb.com Judah Schvimer