2280683 – (CVE-2024-3372) CVE-2024-3372 mongodb: invalid BSON causes DoS

Bug 2280683 (CVE-2024-3372) - CVE-2024-3372 mongodb: invalid BSON causes DoS

Summary: CVE-2024-3372 mongodb: invalid BSON causes DoS

Keywords:
Status:	NEW
Alias:	CVE-2024-3372
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2280684
Blocks:	2280685
TreeView+	depends on / blocked

Reported:	2024-05-15 16:31 UTC by Nick Tait
Modified:	2024-06-04 21:12 UTC (History)
CC List:	2 users (show)
Fixed In Version:	mongodb 5.0.25, mongodb 6.0.14, mongodb 7.0.6
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Nick Tait 2024-05-15 16:31:30 UTC

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.

https://jira.mongodb.org/browse/SERVER-85263

Note You need to log in before you can comment on or make changes to this bug.