CVE-2025-3083

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-3083

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3083.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-3083

Aliases

BIT-mongodb-2025-3083

Downstream

UBUNTU-CVE-2025-3083

Published

2025-04-01T12:15:15Z

Modified

2025-09-24T12:41:14.881227Z

Summary

[none]

Details

Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16

References

https://jira.mongodb.org/browse/SERVER-103152

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type: GIT
Repo: https://github.com/mongodb/mongo
Events: Introduced

1184f004a99660de6f5e745573419bda8a28c0e9

Fixed

e8c5dca807cdfef1c9b3141c4c2bcd613d9700e7

Affected versions

r5.*

r5.0.0

r5.0.1

r5.0.1-rc0

r5.0.10

r5.0.10-rc0

r5.0.11

r5.0.11-rc0

r5.0.11-rc1

r5.0.12

r5.0.12-rc0

r5.0.13

r5.0.13-rc0

r5.0.14

r5.0.14-rc0

r5.0.15

r5.0.15-rc0

r5.0.15-rc1

r5.0.15-rc2

r5.0.16

r5.0.16-rc0

r5.0.17

r5.0.17-rc0

r5.0.18

r5.0.18-rc0

r5.0.18-rc1

r5.0.18-rc2

r5.0.19

r5.0.19-rc0

r5.0.2

r5.0.2-rc0

r5.0.20

r5.0.20-rc0

r5.0.20-rc1

r5.0.21

r5.0.21-rc0

r5.0.22

r5.0.22-rc0

r5.0.22-rc1

r5.0.23

r5.0.23-rc0

r5.0.24

r5.0.24-rc0

r5.0.25

r5.0.25-rc0

r5.0.26

r5.0.26-rc0

r5.0.27

r5.0.27-rc0

r5.0.28

r5.0.28-rc0

r5.0.29

r5.0.29-rc0

r5.0.3

r5.0.3-rc0

r5.0.3-rc1

r5.0.3-rc2

r5.0.30

r5.0.31-rc0

r5.0.4

r5.0.4-rc0

r5.0.5

r5.0.5-rc0

r5.0.6

r5.0.6-rc0

r5.0.6-rc1

r5.0.6-rc2

r5.0.7

r5.0.7-rc0

r5.0.7-rc1

r5.0.8

r5.0.8-rc0

r5.0.9

r5.0.9-rc0

r5.0.9-rc1