Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-3372

Опубликовано: 14 мая 2024
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.

A vulnerability was found in MongoDB. A remote, unauthenticated attacker could trigger the flaw by providing an invalid BSON. This issue can cause the server to incorrectly serialize the file, impacting the availability and integrity.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Openshift Container Storage 4ocs4/mcg-core-rhel8Out of support scope
Red Hat Openshift Data Foundation 4odf4/mcg-core-rhel9Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2280683mongodb: invalid BSON causes DoS

EPSS

Процентиль: 59%
0.00378
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-3372

CVSS3: 7.5
ubuntu
больше 1 года назад

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.

nvd логотип

CVE-2024-3372

CVSS3: 7.5
nvd
больше 1 года назад

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.

debian логотип

CVE-2024-3372

CVSS3: 7.5
debian
больше 1 года назад

Improper validation of certain metadata input may result in the server ...

github логотип

GHSA-f2rm-5vrw-3cjp

CVSS3: 7.5
github
больше 1 года назад

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.

EPSS

Процентиль: 59%
0.00378
Низкий

7.5 High

CVSS3