CVE-2024-3374

Опубликовано: 14 мая 2024

Источник: redhat

CVSS3: 5.3

Описание

An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.

A flaw was found in MongoDB. This flaw allows an unauthenticated user to trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Openshift Container Storage 4	ocs4/mcg-core-rhel8	Out of support scope
Red Hat Openshift Data Foundation 4	noobaa-core-container	Not affected
Red Hat Openshift Data Foundation 4	odf4/mcg-core-rhel9	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-617

https://bugzilla.redhat.com/show_bug.cgi?id=2280546mongodb: trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2024-3374

CVSS3: 5.3

ubuntu

больше 1 года назад

CVE-2024-3374

CVSS3: 5.3

nvd

больше 1 года назад

CVE-2024-3374

CVSS3: 5.3

debian

больше 1 года назад

An unauthenticated user can trigger a fatal assertion in the server wh ...

GHSA-8j48-r5wc-gvr3

CVSS3: 5.3

github

больше 1 года назад

5.3 Medium

CVSS3