CVE-2024-3374

An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://jira.mongodb.org/browse/SERVER-75601	Issue Tracking Vendor Advisory
https://jira.mongodb.org/browse/SERVER-75601	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mongodb:mongodb::::::::
	cpe:2.3:a:mongodb:mongodb::::::::

History

29 Sep 2025, 18:05

Type	Values Removed	Values Added
CPE		cpe:2.3:a:mongodb:mongodb::::::::
References	~~() https://jira.mongodb.org/browse/SERVER-75601 -~~	() https://jira.mongodb.org/browse/SERVER-75601 - Issue Tracking, Vendor Advisory
First Time		Mongodb Mongodb mongodb

Information

Published : 2024-05-14 16:17

Updated : 2025-09-29 18:05

NVD link : CVE-2024-3374

Mitre link : CVE-2024-3374

CVE.ORG link : CVE-2024-3374

JSON object : View

Products Affected

mongodb

mongodb

CWE

CWE-617

Reachable Assertion

{"id": "CVE-2024-3374", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@mongodb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-05-14T16:17:31.850", "references": [{"url": "https://jira.mongodb.org/browse/SERVER-75601", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cna@mongodb.com"}, {"url": "https://jira.mongodb.org/browse/SERVER-75601", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@mongodb.com", "description": [{"lang": "en", "value": "CWE-617"}]}], "descriptions": [{"lang": "en", "value": "An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.\n"}, {"lang": "es", "value": "Un usuario no autenticado puede desencadenar una afirmaci\u00f3n fatal en el servidor mientras genera m\u00e9tricas de diagn\u00f3stico ftdc debido a que intenta crear un objeto BSON que excede ciertos tama\u00f1os de memoria. Este problema afecta a las versiones de MongoDB Server v5.0 anteriores a la 5.0.16 incluida y a las versiones de MongoDB Server v6.0 anteriores a la 6.0.5 incluida."}], "lastModified": "2025-09-29T18:05:41.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02244D56-4E75-4269-9A21-E6801CEBB2D2", "versionEndIncluding": "5.0.16", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C0CDC01-0510-4AA6-BB66-FF48CA952979", "versionEndIncluding": "6.0.5", "versionStartIncluding": "6.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cna@mongodb.com"}