UBUNTU-CVE-2025-12657

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-12657

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-12657.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-12657

Upstream

CVE-2025-12657

Published

2025-11-03T21:18:00Z

Modified

2025-12-16T09:05:43.873642Z

Severity

5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H CVSS Calculator
5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H CVSS Calculator
5.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.

References

Affected packages

Ubuntu:14.04:LTS / mongodb

Package

Name: mongodb
Purl: pkg:deb/ubuntu/mongodb@1:2.4.9-1ubuntu2?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.4.6-0ubuntu5

1:2.4.6-0ubuntu6

1:2.4.8-1ubuntu1

1:2.4.8-2

1:2.4.9-1

1:2.4.9-1ubuntu1

1:2.4.9-1ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mongodb",
            "binary_version": "1:2.4.9-1ubuntu2"
        },
        {
            "binary_name": "mongodb-clients",
            "binary_version": "1:2.4.9-1ubuntu2"
        },
        {
            "binary_name": "mongodb-dev",
            "binary_version": "1:2.4.9-1ubuntu2"
        },
        {
            "binary_name": "mongodb-server",
            "binary_version": "1:2.4.9-1ubuntu2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-12657.json"

Ubuntu:16.04:LTS / mongodb

Package

Name: mongodb
Purl: pkg:deb/ubuntu/mongodb@1:2.6.10-0ubuntu1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.6.10-0ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mongodb",
            "binary_version": "1:2.6.10-0ubuntu1"
        },
        {
            "binary_name": "mongodb-clients",
            "binary_version": "1:2.6.10-0ubuntu1"
        },
        {
            "binary_name": "mongodb-server",
            "binary_version": "1:2.6.10-0ubuntu1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-12657.json"

Ubuntu:18.04:LTS / mongodb

Package

Name: mongodb
Purl: pkg:deb/ubuntu/mongodb@1:3.6.3-0ubuntu1.4?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*

1:3.4.7-1

1:3.4.7-1ubuntu1

1:3.4.7-1ubuntu2

1:3.4.7-1ubuntu4

1:3.4.14-3ubuntu1

1:3.4.14-3ubuntu2

1:3.6.3-0ubuntu1

1:3.6.3-0ubuntu1.1

1:3.6.3-0ubuntu1.3

1:3.6.3-0ubuntu1.4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mongodb",
            "binary_version": "1:3.6.3-0ubuntu1.4"
        },
        {
            "binary_name": "mongodb-clients",
            "binary_version": "1:3.6.3-0ubuntu1.4"
        },
        {
            "binary_name": "mongodb-server",
            "binary_version": "1:3.6.3-0ubuntu1.4"
        },
        {
            "binary_name": "mongodb-server-core",
            "binary_version": "1:3.6.3-0ubuntu1.4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-12657.json"

Ubuntu:20.04:LTS / mongodb

Package

Name: mongodb
Purl: pkg:deb/ubuntu/mongodb@1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*

1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu2

1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5

1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2

1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mongodb",
            "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3"
        },
        {
            "binary_name": "mongodb-clients",
            "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3"
        },
        {
            "binary_name": "mongodb-server",
            "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3"
        },
        {
            "binary_name": "mongodb-server-core",
            "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-12657.json"