FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

MongoDB -- Malformed wire protocol messages may cause mongos to crash

Affected packages
mongodb50 < 5.0.31
mongodb60 < 6.0.20
mongodb70 < 7.0.16

Details

VuXML ID 32f5e57f-107f-11f0-8195-b42e991fc52e
Discovery 2025-04-01
Entry 2025-04-03

cna@mongodb.com reports:

Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to6.0.20 and MongoDB v7.0 versions prior to 7.0.16

[source]

References

CVE Name CVE-2025-3083
URL https://nvd.nist.gov/vuln/detail/CVE-2025-3083

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.