CVE-2024-3372

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-3372
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3372.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-3372
Aliases
Downstream
Published
2024-05-14T16:17:31Z
Modified
2025-10-17T02:42:24.593275Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be triggered pre-authentication and may cause unexpected application behavior, including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v5.0 versions prior to 5.0.25.

References

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type
GIT
Repo
https://github.com/mongodb/mongo
Events

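Affected versions

Note: the tags enumerated below cover only the r5.0.x series (r5.0.0 through r5.0.24). The Details text also names the v6.0 branch (prior to 6.0.14) and the v7.0 branch (prior to 7.0.6) as affected, so check deployments on those branches against the fixed versions given there rather than against this list alone.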

r5.*

r5.0.0
r5.0.1
r5.0.1-rc0
r5.0.10
r5.0.10-rc0
r5.0.11
r5.0.11-rc0
r5.0.11-rc1
r5.0.12
r5.0.12-rc0
r5.0.13
r5.0.13-rc0
r5.0.14
r5.0.14-rc0
r5.0.15
r5.0.15-rc0
r5.0.15-rc1
r5.0.15-rc2
r5.0.16
r5.0.16-rc0
r5.0.17
r5.0.17-rc0
r5.0.18
r5.0.18-rc0
r5.0.18-rc1
r5.0.18-rc2
r5.0.19
r5.0.19-rc0
r5.0.2
r5.0.2-rc0
r5.0.20
r5.0.20-rc0
r5.0.20-rc1
r5.0.21
r5.0.21-rc0
r5.0.22
r5.0.22-rc0
r5.0.22-rc1
r5.0.23
r5.0.23-rc0
r5.0.24
r5.0.24-rc0
r5.0.3
r5.0.3-rc0
r5.0.3-rc1
r5.0.3-rc2
r5.0.4
r5.0.4-rc0
r5.0.5
r5.0.5-rc0
r5.0.6
r5.0.6-rc0
r5.0.6-rc1
r5.0.6-rc2
r5.0.7
r5.0.7-rc0
r5.0.7-rc1
r5.0.8
r5.0.8-rc0
r5.0.9
r5.0.9-rc0
r5.0.9-rc1

Database specific

vanir_signatures

[
    {
        "id": "CVE-2024-3372-09bc5cf1",
        "source": "https://github.com/mongodb/mongo/commit/17c0d8bbee46f15f1574079e266a9997cebe6d0e",
        "digest": {
            "line_hashes": [
                "334660737196684850722664536996643457946",
                "327939151132501271412548243499103721443",
                "11381017535182826178853558167778058346",
                "213814770147066090227553785989065756330",
                "196780867547189859590281459774911213327",
                "125943850035741450541195492604385805527",
                "217317312544345665709492833750546224556",
                "305303411531048506060062824462097062490",
                "284747837897875280152053279718908925216",
                "328623613056724057159257026131314938565",
                "265444948854827299905736565002572342754",
                "251260535726361490888570192450961057747",
                "155383785480391756437487382774816827232",
                "174013355192363307081523149643961411025",
                "99442954032108321157374426467179070243",
                "83870892542530576207675915224295341659",
                "322154761345666299341756594399310827855",
                "43431729074497789219775175651359394146",
                "255201184690936909443409851409656356254",
                "2510868651900740927701410196012747739",
                "44010508272711182221726503346227496700",
                "125008119081435533482232314231684874075",
                "113161986951339734295935487890313095198",
                "18422388940995107044848192537028186688",
                "255029257159406557377168267652055787601",
                "44010508272711182221726503346227496700",
                "273343002948521916491700092437180331597",
                "285892018315033997642663819284224858257",
                "137175722041438436637770758526654365860",
                "328381951967932019379602219368323861143",
                "106169436440387844013713913287421995417",
                "7532299892693696021004871311007195182",
                "116970381517417152918859680737212124192",
                "117132859885639804751107123205975558820",
                "253680158893955527555588855884236462007",
                "31865407357096567699177254519558272677",
                "339892111717626869008296898012958336599",
                "283775594231203181540974113344567225144",
                "263984450781944345667545638972785107033",
                "128259899352254909945378414083753563238",
                "158302831930630962480486176087757796575",
                "300366929294648864136043619813090977443",
                "96586414899962371892018574227979220166",
                "331272680517708080139262672816660442621",
                "261701113028166259299387572558903873799",
                "51240807056846672687736712948589407741",
                "261867511370138231258092377795676011992",
                "291515506078429642871341420950758417192",
                "6450420423680971381150276175237969071",
                "46021742025537851324445377393537720730",
                "58959339010469934943498796732037652805",
                "203372241186538660500953468703624100479",
                "220838986718538204720832317838319826940",
                "280029305925661420510980948828281349079",
                "124457456362943743611943545285902088148",
                "110504659277878491578492687143456674561",
                "65771451601050466415904446534558983156",
                "51121625526529548657412925840342857243",
                "259583156162185954906928996983286967378",
                "96325719789891479481561785333619706347",
                "888291269009851597066459530664767928",
                "115159863817392033409983421266882833893",
                "214447623189143524806658552851699890422",
                "222082711425429855915620392263919488740",
                "1645453570858632259199827475326879924",
                "25558939891494044258027575971420865350",
                "180609025202945700170748805764160104868",
                "44953723872945955787086950050218597410",
                "182725994440360592884264688469456539751",
                "165678414385017350997437442225804352124",
                "176044958857386126535146517960053522345",
                "297503601667280524429323566395040960477",
                "295368644412979672086460471643029499581",
                "87390901434857824207928977390750683622",
                "8726941277490441442011190390244378437",
                "287549953734312420165149084221995890212",
                "263871614230667148832757238444717913967",
                "175657891224964872056063875245213335786",
                "127977388243056318277633377714641726114",
                "88278056272020735868650531202706979992",
                "335071027322015887468894872036705919469",
                "297241172455456714816360093735952491986",
                "286493553677242278001782839432870475793",
                "95739504631004744330793353417733797629",
                "15543517488977972365135734578285711023",
                "296428450163062194421577553306187673350",
                "141828024222576888978685385685356123718",
                "121659731140770669684743407562714523118",
                "89860471627573268543579676951703033945",
                "184532649863945890014665653494408419797"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/mongo/util/future_impl.h"
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-3372-437ee5e3",
        "source": "https://github.com/mongodb/mongo/commit/17c0d8bbee46f15f1574079e266a9997cebe6d0e",
        "digest": {
            "line_hashes": [
                "77315099632387602654522629252481956611",
                "181925333261410147692271424606007841609",
                "136826746068500416004679873683822100973",
                "93308908110241014894679961714869152060",
                "157421111845622954622802059743254748543",
                "328581612210813313439116065835008034117",
                "168371887770576990270765983737681849732",
                "173482595559127633205407860342468393871",
                "275862015207767002462367680002019310705",
                "333621420998714293724847980440416022975",
                "72624881170113220118098710310705743791",
                "329904459523065518874000714977512676638",
                "145909640849663123701180481172977470226",
                "81207617425845142558976152577647852686",
                "1889317581502594464400317795736202484",
                "45502331117283867773475753897470095179",
                "190087398995385990231701937470969367702",
                "71240918476668993742802804165703000975",
                "200151288689833156603191400563595535536",
                "16965630188629110734455761182150938691",
                "325496488412780261844017888855201650302",
                "31939750697818536482290490682729608440",
                "156484680650030098724948840581637766493",
                "198105222683690511048471991561566453153",
                "305679178017168922405881056534100604387",
                "246456917054007665615415103269071151310",
                "317783454676172057292129481339301693434",
                "139943188877774433155835398794554149452",
                "80238858040923327730379115439285689728",
                "103177936202978409679652754841420944708",
                "10528460450294873748895283157766795777",
                "135130542914313427773798384645830314334",
                "305767154710441216895763490474752817858",
                "329151554993677275680775596734642549619",
                "204063908033668573404039190566755031661",
                "248698800961160833741328804064201113661",
                "111174644275296153964761276671922591921",
                "4295950955342566419855047098464018257",
                "12650532222877998358815255155721161683",
                "322735308521187249819502904609226317377",
                "299848086016585050041065761728452454133",
                "125054418572640556144620639535282852459",
                "191002297930510351697623934546028107004",
                "31651658653056124267491266229392872054",
                "326146206760087046741478386791604187271",
                "250066177525863917871557491918333960108",
                "184272309564045024928549955607834522943",
                "102012316663850581456994516455624892189",
                "305927259355110934421327315515395092134",
                "265894984481201876030972248854954690119",
                "224806619339238651740028549207087216150",
                "127759585041802040353174427141247736493",
                "101839492065963413481092450273915511035",
                "195948715777652388794023293045321115176",
                "230967095852377148550249788225480388846",
                "23664923404674098336628509212749318535",
                "329699611287062825912458753714281433370",
                "23192227107677940349151520856021957353",
                "120192342875494445677608616009228130619",
                "100342006657537529584814911649452451838",
                "125475294899982165503271986554539756247",
                "10243413336944921618415149446600995738",
                "195948715777652388794023293045321115176",
                "219754744637063584612333559673580410806",
                "17258585459909298616705029472687327319",
                "129622731918365979145186844340741183749",
                "100876846281668350149140513632556231349",
                "50985919586427199707019442848601421962",
                "4224406075854583120268853332774732532",
                "246147189109683068395107382262055970824",
                "28336552063744818457606671652651584807",
                "312623080228289278984267875601713603173",
                "146329907699615861646534659032559590534",
                "31991903128709698128247293641716788171",
                "225379767101079273071308984426110109883",
                "126452531551414331584900071377718875699",
                "92262820185025183733194802134216983435",
                "203110430174437278292322508415986433571",
                "125921627517116329663134108710040652861"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/mongo/util/future_test_valid.cpp"
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-3372-62610737",
        "source": "https://github.com/mongodb/mongo/commit/17c0d8bbee46f15f1574079e266a9997cebe6d0e",
        "digest": {
            "length": 744.0,
            "function_hash": "336198138838905411274318893336233537513"
        },
        "target": {
            "file": "src/mongo/util/future_impl.h",
            "function": "makeContinuation"
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-3372-8098ca2a",
        "source": "https://github.com/mongodb/mongo/commit/17c0d8bbee46f15f1574079e266a9997cebe6d0e",
        "digest": {
            "line_hashes": [
                "63603265984400190032048702366629966414",
                "1905112851259271926051253451099438101",
                "77697333467249933171531919000503601726",
                "235156842325575126669973096890912689436",
                "214520087187874442676849766254341618103",
                "278035744906252999716649797931634202360",
                "325466641644745534994937899508737765223",
                "325156217498792449409285006803808271942",
                "245501768480209939720105036940345791281",
                "280332599154437206370181279253850105189",
                "282038904451015678617977304261988645995",
                "56136715739904043586674527636774937449",
                "330310301743052705379014078994006364340",
                "231817402484381207862930973662359878905",
                "26356339869538064291442674194406329523",
                "247651385909972629929391184022136627809",
                "115335376117130195784269147004802034567",
                "9266540033210547471160024286509949600",
                "187097948376592342663386045459415357899"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/mongo/util/future.h"
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-3372-8ee3c783",
        "source": "https://github.com/mongodb/mongo/commit/17c0d8bbee46f15f1574079e266a9997cebe6d0e",
        "digest": {
            "length": 320.0,
            "function_hash": "313193972827117295850716685049433808777"
        },
        "target": {
            "file": "src/mongo/util/future_test_valid.cpp",
            "function": "assertSharedSemiFutureTransfersValid"
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-3372-bf47615c",
        "source": "https://github.com/mongodb/mongo/commit/17c0d8bbee46f15f1574079e266a9997cebe6d0e",
        "digest": {
            "length": 243.0,
            "function_hash": "239748482481581205779062583936731957462"
        },
        "target": {
            "file": "src/mongo/util/future_test_valid.cpp",
            "function": "assertFutureTransfersValid"
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-3372-e3bed6ad",
        "source": "https://github.com/mongodb/mongo/commit/17c0d8bbee46f15f1574079e266a9997cebe6d0e",
        "digest": {
            "length": 319.0,
            "function_hash": "65355681539251009508300892205441276452"
        },
        "target": {
            "file": "src/mongo/util/future_test_valid.cpp",
            "function": "assertSemiFutureTransfersValid"
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-3372-f4df3a03",
        "source": "https://github.com/mongodb/mongo/commit/17c0d8bbee46f15f1574079e266a9997cebe6d0e",
        "digest": {
            "length": 320.0,
            "function_hash": "313193972827117295850716685049433808777"
        },
        "target": {
            "file": "src/mongo/util/future_test_valid.cpp",
            "function": "assertSharedSemiFutureSplits"
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1"
    }
]