FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

MongoDB -- crash due to improper validation of explain command

Affected packages
mongodb50 < 5.0.31
mongodb60 < 6.0.20
mongodb70 < 7.0.16
mongodb80 < 8.0.4

Details

VuXML ID 350b3389-107f-11f0-8195-b42e991fc52e
Discovery 2025-04-01
Entry 2025-04-03

cna@mongodb.com reports:

When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Server v8.0 prior to 8.0.4

[source]

References

CVE Name CVE-2025-3084
URL https://nvd.nist.gov/vuln/detail/CVE-2025-3084

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.