BIT-mongodb-2025-12657

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2025-12657.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-mongodb-2025-12657

Published

2025-12-13T11:42:23.275Z

Modified

2025-12-13T12:06:38.127609Z

Summary

Malformed KMIP response may result in access violation

Details

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*"
    ]
}

References

Affected packages

Bitnami / mongodb

Package

Name: mongodb
Purl: pkg:bitnami/mongodb

Severity

5.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

6.0.0

Fixed

7.0.22

Introduced

8.0.0

Fixed

8.0.10

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2025-12657.json"