{"timestamp":"2024-05-14T17:49:39.437666Z","id":"CVE-2024-3374","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"MongoDB Inc","product":"MongoDB Server","defaultStatus":"unaffected","cpes":["cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.7:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.8:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.9:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.10:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.11:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.12:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.13:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.14:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.15:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.16:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*"],"versions":[{"version":"5.0","lessThanOrEqual":"5.0.16","versionType":"custom","status":"affected"},{"version":"6.0","lessThanOrEqual":"6.0.5","versionType":"custom","status":"affected"}]}]

OR
          *cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* versions from (including) 5.0.0 up to (including) 5.0.16
          *cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (including) 6.0.5

CVE: https://jira.mongodb.org/browse/SERVER-75601 Types: Issue Tracking, Vendor Advisory

MongoDB, Inc.: https://jira.mongodb.org/browse/SERVER-75601 Types: Issue Tracking, Vendor Advisory

https://jira.mongodb.org/browse/SERVER-75601

An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.

MongoDB, Inc. AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

MongoDB, Inc. CWE-617

MongoDB, Inc. https://jira.mongodb.org/browse/SERVER-75601 [No types assigned]