CVE-2024-3372

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-3372

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3372.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-3372

Aliases

BIT-mongodb-2024-3372

Downstream

UBUNTU-CVE-2024-3372

Published

2024-05-14T16:17:31.343Z

Modified

2026-04-09T10:09:32.477353Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.

References

https://jira.mongodb.org/browse/SERVER-85263

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type

GIT

Repo

https://github.com/mongodb/mongo

Events

Introduced

1184f004a99660de6f5e745573419bda8a28c0e9

Fixed

17c0d8bbee46f15f1574079e266a9997cebe6d0e

Introduced

e61bf27c2f6a83fed36e5a13c008a32d563babe2

Fixed

bda19256b0e3fa7f6d3d769329ba373a72e9aeb1

Introduced

37d84072b5c5b9fd723db5fa133fb202ad2317f1

Fixed

0eb07427dc794bff511ecbd071687aee6c351cf8

Database specific

{
    "versions": [
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.25"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.0.14"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.0.6"
        }
    ]
}

Affected versions

r5.*

r5.0.0

r5.0.1

r5.0.1-rc0

r5.0.10

r5.0.10-rc0

r5.0.11

r5.0.11-rc0

r5.0.11-rc1

r5.0.12

r5.0.12-rc0

r5.0.13

r5.0.13-rc0

r5.0.14

r5.0.14-rc0

r5.0.15

r5.0.15-rc0

r5.0.15-rc1

r5.0.15-rc2

r5.0.16

r5.0.16-rc0

r5.0.17

r5.0.17-rc0

r5.0.18

r5.0.18-rc0

r5.0.18-rc1

r5.0.18-rc2

r5.0.19

r5.0.19-rc0

r5.0.2

r5.0.2-rc0

r5.0.20

r5.0.20-rc0

r5.0.20-rc1

r5.0.21

r5.0.21-rc0

r5.0.22

r5.0.22-rc0

r5.0.22-rc1

r5.0.23

r5.0.23-rc0

r5.0.24

r5.0.24-rc0

r5.0.3

r5.0.3-rc0

r5.0.3-rc1

r5.0.3-rc2

r5.0.4

r5.0.4-rc0

r5.0.5

r5.0.5-rc0

r5.0.6

r5.0.6-rc0

r5.0.6-rc1

r5.0.6-rc2

r5.0.7

r5.0.7-rc0

r5.0.7-rc1

r5.0.8

r5.0.8-rc0

r5.0.9

r5.0.9-rc0

r5.0.9-rc1

r6.*

r6.0.0

r6.0.1

r6.0.1-rc0

r6.0.10

r6.0.10-rc0

r6.0.11

r6.0.11-rc0

r6.0.12

r6.0.12-rc0

r6.0.12-rc1

r6.0.13

r6.0.13-rc0

r6.0.14-rc0

r6.0.2

r6.0.2-rc0

r6.0.2-rc1

r6.0.3

r6.0.3-rc0

r6.0.3-rc1

r6.0.3-rc2

r6.0.4

r6.0.4-rc0

r6.0.4-rc1

r6.0.5

r6.0.5-rc0

r6.0.5-rc1

r6.0.6

r6.0.6-rc0

r6.0.6-rc1

r6.0.7

r6.0.7-rc0

r6.0.8

r6.0.8-rc0

r6.0.9

r6.0.9-rc0

r6.0.9-rc1

r7.*

r7.0.0

r7.0.1

r7.0.1-rc0

r7.0.2

r7.0.2-rc0

r7.0.2-rc1

r7.0.2-rc2

r7.0.3

r7.0.3-rc0

r7.0.3-rc1

r7.0.4

r7.0.4-rc0

r7.0.5

r7.0.5-rc0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3372.json"