Vulnerability Details CVE-2024-3374
An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.0%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2024-3374
-
cpe:2.3:a:mongodb:mongodb:5.0.0
-
cpe:2.3:a:mongodb:mongodb:5.0.1
-
cpe:2.3:a:mongodb:mongodb:5.0.10
-
cpe:2.3:a:mongodb:mongodb:5.0.11
-
cpe:2.3:a:mongodb:mongodb:5.0.12
-
cpe:2.3:a:mongodb:mongodb:5.0.13
-
cpe:2.3:a:mongodb:mongodb:5.0.14
-
cpe:2.3:a:mongodb:mongodb:5.0.15
-
cpe:2.3:a:mongodb:mongodb:5.0.16
-
cpe:2.3:a:mongodb:mongodb:5.0.2
-
cpe:2.3:a:mongodb:mongodb:5.0.3
-
cpe:2.3:a:mongodb:mongodb:5.0.4
-
cpe:2.3:a:mongodb:mongodb:5.0.5
-
cpe:2.3:a:mongodb:mongodb:5.0.6
-
cpe:2.3:a:mongodb:mongodb:5.0.7
-
cpe:2.3:a:mongodb:mongodb:5.0.8
-
cpe:2.3:a:mongodb:mongodb:5.0.9
-
cpe:2.3:a:mongodb:mongodb:6.0.0
-
cpe:2.3:a:mongodb:mongodb:6.0.1
-
cpe:2.3:a:mongodb:mongodb:6.0.2
-
cpe:2.3:a:mongodb:mongodb:6.0.3
-
cpe:2.3:a:mongodb:mongodb:6.0.4
-
cpe:2.3:a:mongodb:mongodb:6.0.5