CVE-2025-14847

8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.

References

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type: GIT
Repo: https://github.com/mongodb/mongo
Events: Introduced

1184f004a99660de6f5e745573419bda8a28c0e9

Fixed

1c23b749ffbe99573fd065904a0a87368c1c6523

Introduced

37d84072b5c5b9fd723db5fa133fb202ad2317f1

Fixed

5393ef6c933e57093d11f704e611195301a967dd

Introduced

a57d8e71e6998a2d0afde7edc11bd23e5661c915

Fixed

1ae4c9990dbc5711f3500748f0c3f8b5d375d8c0

Introduced

b41cda4fe697dce6fd9b83b3805362ccc02fbeb3

Fixed

fe4a0b8cf49fd664128bcf668c046292c8e8eb80

Introduced

b993867dce63dd366cd93e60f3f425ed716f6497

Fixed

029d8f99bf1e828b5327946b9c820bf493f466f1

Introduced

e61bf27c2f6a83fed36e5a13c008a32d563babe2

Fixed

2884bcf91236785867396e7916eeb873c59f84cd

Affected versions

r5.*

r5.0.0

r5.0.1

r5.0.1-rc0

r5.0.10

r5.0.10-rc0

r5.0.11

r5.0.11-rc0

r5.0.11-rc1

r5.0.12

r5.0.12-rc0

r5.0.13

r5.0.13-rc0

r5.0.14

r5.0.14-rc0

r5.0.15

r5.0.15-rc0

r5.0.15-rc1

r5.0.15-rc2

r5.0.16

r5.0.16-rc0

r5.0.17

r5.0.17-rc0

r5.0.18

r5.0.18-rc0

r5.0.18-rc1

r5.0.18-rc2

r5.0.19

r5.0.19-rc0

r5.0.2

r5.0.2-rc0

r5.0.20

r5.0.20-rc0

r5.0.20-rc1

r5.0.21

r5.0.21-rc0

r5.0.22

r5.0.22-rc0

r5.0.22-rc1

r5.0.23

r5.0.23-rc0

r5.0.24

r5.0.24-rc0

r5.0.25

r5.0.25-rc0

r5.0.26

r5.0.26-rc0

r5.0.27

r5.0.27-rc0

r5.0.28

r5.0.28-rc0

r5.0.29

r5.0.29-rc0

r5.0.3

r5.0.3-rc0

r5.0.3-rc1

r5.0.3-rc2

r5.0.30

r5.0.31

r5.0.31-rc0

r5.0.31-rc1

r5.0.4

r5.0.4-rc0

r5.0.5

r5.0.5-rc0

r5.0.6

r5.0.6-rc0

r5.0.6-rc1

r5.0.6-rc2

r5.0.7

r5.0.7-rc0

r5.0.7-rc1

r5.0.8

r5.0.8-rc0

r5.0.9

r5.0.9-rc0

r5.0.9-rc1

r6.*

r6.0.0

r6.0.1

r6.0.1-rc0

r6.0.10

r6.0.10-rc0

r6.0.11

r6.0.11-rc0

r6.0.12

r6.0.12-rc0

r6.0.12-rc1

r6.0.13

r6.0.13-rc0

r6.0.14

r6.0.14-rc0

r6.0.14-rc1

r6.0.15

r6.0.15-rc0

r6.0.16

r6.0.16-rc0

r6.0.17

r6.0.17-rc0

r6.0.18

r6.0.18-rc0

r6.0.19

r6.0.2

r6.0.2-rc0

r6.0.2-rc1

r6.0.20

r6.0.20-rc0

r6.0.20-rc1

r6.0.20-rc2

r6.0.20-rc3

r6.0.21

r6.0.24

r6.0.24-alpha0

r6.0.24-rc0

r6.0.25

r6.0.25-rc0

r6.0.26

r6.0.26-rc0

r6.0.3

r6.0.3-rc0

r6.0.3-rc1

r6.0.3-rc2

r6.0.4

r6.0.4-rc0

r6.0.4-rc1

r6.0.5

r6.0.5-rc0

r6.0.5-rc1

r6.0.6

r6.0.6-rc0

r6.0.6-rc1

r6.0.7

r6.0.7-rc0

r6.0.8

r6.0.8-rc0

r6.0.9

r6.0.9-rc0

r6.0.9-rc1

r7.*

r7.0.0

r7.0.1

r7.0.1-rc0

r7.0.10

r7.0.10-rc0

r7.0.11

r7.0.11-rc0

r7.0.11-rc1

r7.0.11-rc2

r7.0.12

r7.0.12-rc0

r7.0.12-rc1

r7.0.13

r7.0.13-rc0

r7.0.13-rc1

r7.0.14

r7.0.14-rc0

r7.0.15

r7.0.15-rc0

r7.0.15-rc1

r7.0.16

r7.0.16-rc0

r7.0.16-rc1

r7.0.17

r7.0.18

r7.0.2

r7.0.2-rc0

r7.0.2-rc1

r7.0.2-rc2

r7.0.21

r7.0.21-alpha0

r7.0.21-rc0

r7.0.22

r7.0.22-rc0

r7.0.23

r7.0.23-rc0

r7.0.23-rc1

r7.0.24

r7.0.24-rc0

r7.0.25-alpha0

r7.0.26

r7.0.26-rc0

r7.0.27-alpha0

r7.0.3

r7.0.3-rc0

r7.0.3-rc1

r7.0.4

r7.0.4-rc0

r7.0.5

r7.0.5-rc0

r7.0.6

r7.0.6-rc0

r7.0.7

r7.0.7-rc0

r7.0.7-rc1

r7.0.7-rc2

r7.0.8

r7.0.8-rc0

r7.0.9

r7.0.9-rc0

r7.0.9-rc1

r8.*

r8.0.0

r8.0.1

r8.0.1-rc0

r8.0.10

r8.0.10-rc0

r8.0.12

r8.0.12-rc0

r8.0.13

r8.0.13-rc0

r8.0.13-rc1

r8.0.13-rc2

r8.0.14

r8.0.14-rc0

r8.0.14-rc1

r8.0.16

r8.0.16-rc0

r8.0.16-rc1

r8.0.17-alpha0

r8.0.2

r8.0.3

r8.0.4

r8.0.4-rc0

r8.0.5

r8.0.5-rc0

r8.0.5-rc1

r8.0.5-rc2

r8.0.6

r8.2.0

r8.2.1

r8.2.1-rc0

r8.2.1-rc1

r8.2.2

r8.2.2-rc0

r8.2.3-alpha0

Database specific

vanir_signatures

[
    {
        "id": "CVE-2025-14847-13884a8b",
        "signature_version": "v1",
        "digest": {
            "function_hash": "44539952122951193820189895803505653784",
            "length": 490.0
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/fe4a0b8cf49fd664128bcf668c046292c8e8eb80",
        "signature_type": "Function",
        "target": {
            "file": "src/mongo/transport/message_compressor_zlib.cpp",
            "function": "ZlibMessageCompressor::decompressData"
        }
    },
    {
        "id": "CVE-2025-14847-2672476e",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "211077663858312802762630252894462912840",
                "108728768873483154284341851081759426662",
                "7538840824503348162464178445371897847",
                "142796457045306062584193826862728233526"
            ]
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/fe4a0b8cf49fd664128bcf668c046292c8e8eb80",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/transport/message_compressor_zlib.cpp"
        }
    },
    {
        "id": "CVE-2025-14847-2c754b74",
        "signature_version": "v1",
        "digest": {
            "function_hash": "44539952122951193820189895803505653784",
            "length": 490.0
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/029d8f99bf1e828b5327946b9c820bf493f466f1",
        "signature_type": "Function",
        "target": {
            "file": "src/mongo/transport/message_compressor_zlib.cpp",
            "function": "ZlibMessageCompressor::decompressData"
        }
    },
    {
        "id": "CVE-2025-14847-3e211a73",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "211077663858312802762630252894462912840",
                "108728768873483154284341851081759426662",
                "7538840824503348162464178445371897847",
                "142796457045306062584193826862728233526"
            ]
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/5393ef6c933e57093d11f704e611195301a967dd",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/transport/message_compressor_zlib.cpp"
        }
    },
    {
        "id": "CVE-2025-14847-4ebe53be",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "223578843072983623210289619587567631381",
                "288184508368085275043734472693346273551",
                "313704369924452525807126154127698479273",
                "27538339864533392307620662921615754536",
                "86944101300784522366181838095985448845",
                "52643030315872368518429516134699151301"
            ]
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/029d8f99bf1e828b5327946b9c820bf493f466f1",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/transport/message_compressor_manager_test.cpp"
        }
    },
    {
        "id": "CVE-2025-14847-659ff257",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "223578843072983623210289619587567631381",
                "288184508368085275043734472693346273551",
                "313704369924452525807126154127698479273",
                "27538339864533392307620662921615754536",
                "86944101300784522366181838095985448845",
                "52643030315872368518429516134699151301"
            ]
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/5393ef6c933e57093d11f704e611195301a967dd",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/transport/message_compressor_manager_test.cpp"
        }
    },
    {
        "id": "CVE-2025-14847-88c29d34",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "223578843072983623210289619587567631381",
                "288184508368085275043734472693346273551",
                "313704369924452525807126154127698479273",
                "27538339864533392307620662921615754536",
                "86944101300784522366181838095985448845",
                "52643030315872368518429516134699151301"
            ]
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/fe4a0b8cf49fd664128bcf668c046292c8e8eb80",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/transport/message_compressor_manager_test.cpp"
        }
    },
    {
        "id": "CVE-2025-14847-cf2dd3d4",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "211077663858312802762630252894462912840",
                "108728768873483154284341851081759426662",
                "7538840824503348162464178445371897847",
                "142796457045306062584193826862728233526"
            ]
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/029d8f99bf1e828b5327946b9c820bf493f466f1",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/transport/message_compressor_zlib.cpp"
        }
    },
    {
        "id": "CVE-2025-14847-e9764b4c",
        "signature_version": "v1",
        "digest": {
            "function_hash": "44539952122951193820189895803505653784",
            "length": 490.0
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/5393ef6c933e57093d11f704e611195301a967dd",
        "signature_type": "Function",
        "target": {
            "file": "src/mongo/transport/message_compressor_zlib.cpp",
            "function": "ZlibMessageCompressor::decompressData"
        }
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14847.json"