Unrated severityNVD Advisory· Published Dec 25, 2014· Updated May 6, 2026

CVE-2014-3971

Description

The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.

Affected products

MongoDB/MongoDB2 versions
cpe:2.3:a:mongodb:mongodb:2.6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mongodb:mongodb:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.6.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jira.mongodb.org/browse/SERVER-13753nvdVendor Advisory
github.com/mongodb/mongo/commit/c151e0660b9736fe66b224f1129a16871165251bnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000