Unrated severityNVD Advisory· Published May 14, 2024· Updated Aug 1, 2024

MongoDB Server (mongod) may crash when generating ftdc

CVE-2024-3374

Description

An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.

Affected products

MongoDB/MongoDBv5
cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*
Range: 5.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jira.mongodb.org/browse/SERVER-75601mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000