CVE-2024-3374

An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.
References
Link Resource
https://jira.mongodb.org/browse/SERVER-75601 Issue Tracking Vendor Advisory
https://jira.mongodb.org/browse/SERVER-75601 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*

History

29 Sep 2025, 18:05

Type Values Removed Values Added
First Time Mongodb mongodb
Mongodb
CPE cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
References () https://jira.mongodb.org/browse/SERVER-75601 - () https://jira.mongodb.org/browse/SERVER-75601 - Issue Tracking, Vendor Advisory

21 Nov 2024, 09:29

Type Values Removed Values Added
References () https://jira.mongodb.org/browse/SERVER-75601 - () https://jira.mongodb.org/browse/SERVER-75601 -

14 May 2024, 19:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-14 16:17

Updated : 2025-09-29 18:05


NVD link : CVE-2024-3374

Mitre link : CVE-2024-3374

CVE.ORG link : CVE-2024-3374


JSON object : View

Products Affected

mongodb

  • mongodb
CWE
CWE-617

Reachable Assertion