Unrated severityNVD Advisory· Published May 14, 2024· Updated Aug 1, 2024

MongoDB Server may have unexpected application behaviour due to invalid BSON

CVE-2024-3372

Description

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.

Affected products

MongoDB/MongoDBv5
cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*
Range: 5.0

Patches

17c0d8bbee46

https://github.com/mongodb/mongovia osv

bda19256b0e3

https://github.com/mongodb/mongovia osv

0eb07427dc79

https://github.com/mongodb/mongovia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

jira.mongodb.org/browse/SERVER-85263mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000