BIT-mongodb-2025-3083

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2025-3083.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-mongodb-2025-3083
Aliases
Published
2025-09-23T08:46:32.630Z
Modified
2025-09-23T09:27:28.088035Z
Summary
Malformed MongoDB wire protocol messages may cause mongos to crash
Details

Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31,  MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16

Database specific 
{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / mongodb

Package

Name
mongodb
Purl
pkg:bitnami/mongodb

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
5.0.0
Fixed
5.0.31
Introduced
6.0.0
Fixed
6.0.20
Introduced
7.0.0
Fixed
7.0.16