CVE-2024-3372

EPSS 0.41%
Published 14.05.2024 16:17:31
Last modified 22.09.2025 13:36:41
Source cna@mongodb.com
Teams watchlist Login
Open Login

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Mongodb ≫ Mongodb Version >= 5.0.0 < 5.0.25

Mongodb ≫ Mongodb Version >= 6.0.0 < 6.0.14

Mongodb ≫ Mongodb Version >= 7.0.0 < 7.0.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.41%	0.606

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
cna@mongodb.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://jira.mongodb.org/browse/SERVER-85263

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-3372

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3372

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3372

EUVD