Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-3374

An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.

Published

2024-05-14T16:17:31.850

Last Modified

2025-09-29T18:05:41.620

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-617

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mongodb	mongodb	≤ 5.0.16	Yes
Application	mongodb	mongodb	≤ 6.0.5	Yes

References

https://jira.mongodb.org/browse/SERVER-75601 Issue Tracking, Vendor Advisory ([email protected])
https://jira.mongodb.org/browse/SERVER-75601 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)