USN-8160-1
- Source
- https://ubuntu.com/security/notices/USN-8160-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8160-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-8160-1
- Upstream
- Related
- Published
- 2026-04-09T13:11:41Z
- Modified
- 2026-04-13T13:29:12.928376085Z
- Summary
- mongodb vulnerability
- Details
-
It was discovered that MongoDB incorrectly handled length parameters in zlib-compressed network messages prior to authentication. An unauthenticated remote attacker could possibly use this issue to cause MongoDB to allocate an oversized memory buffer, resulting in the exposure of sensitive information.
- References
Affected packages
Ubuntu:Pro:18.04:LTS / mongodb
Package
- Name
- mongodb
- Purl
- pkg:deb/ubuntu/mongodb@1:3.6.3-0ubuntu1.4+esm2?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:3.6.3-0ubuntu1.4+esm2
Affected versions
1:3.*
1:3.4.7-1
1:3.4.7-1ubuntu1
1:3.4.7-1ubuntu2
1:3.4.7-1ubuntu4
1:3.4.14-3ubuntu1
1:3.4.14-3ubuntu2
1:3.6.3-0ubuntu1
1:3.6.3-0ubuntu1.1
1:3.6.3-0ubuntu1.3
1:3.6.3-0ubuntu1.4
1:3.6.3-0ubuntu1.4+esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1:3.6.3-0ubuntu1.4+esm2",
"binary_name": "mongodb"
},
{
"binary_version": "1:3.6.3-0ubuntu1.4+esm2",
"binary_name": "mongodb-clients"
},
{
"binary_version": "1:3.6.3-0ubuntu1.4+esm2",
"binary_name": "mongodb-server"
},
{
"binary_version": "1:3.6.3-0ubuntu1.4+esm2",
"binary_name": "mongodb-server-core"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8160-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "high",
"type": "Ubuntu"
}
],
"id": "CVE-2025-14847"
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
Ubuntu:Pro:20.04:LTS / mongodb
Package
- Name
- mongodb
- Purl
- pkg:deb/ubuntu/mongodb@1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
Affected versions
1:3.*
1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu2
1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5
1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2
1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1",
"binary_name": "mongodb"
},
{
"binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1",
"binary_name": "mongodb-clients"
},
{
"binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1",
"binary_name": "mongodb-server"
},
{
"binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1",
"binary_name": "mongodb-server-core"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8160-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "high",
"type": "Ubuntu"
}
],
"id": "CVE-2025-14847"
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}