- Type: Bug
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
- Replication
- Minor Change
- ALL
- v6.3, v6.0, v5.0
- Repl 2023-04-17
- 64
CVE ID:
CVE-2024-3374
Title:
MongoDB Server (mongod) may crash when generating ftdc
Description:
An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.
CVSS Score:
5.3 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
List all affected product versions:
MongoDB Server v5.0 versions prior to and including 5.0.16
MongoDB Server v6.0 versions prior to and including 6.0.5
CWE:
CWE-617: Reachable Assertion
- related to
  - SERVER-41185 Make ftdc failures process fatal (Closed)