| Field | Value |
|---|---|
| VID | 25425 |
| Severity | 40 |
| Port | 27017 |
| Protocol | TCP |
| Class | DB |
| Detailed Description | The version of MongoDB installed on the remote host is 3.6.x, 4.0.x, 4.2.x, 4.4.x prior to 4.4.30, 5.0.x prior to 5.0.32, 6.0.x prior to 6.0.27, 7.0.x prior to 7.0.28, 8.0.x prior to 8.0.17, or 8.2.x prior to 8.2.3. It is, therefore, affected by an uninitialized heap memory disclosure vulnerability:<br>- Mismatched length fields in zlib-compressed protocol headers may allow an unauthenticated client to read uninitialized heap memory. (CVE-2025-14847)<br>* References: https://jira.mongodb.org/browse/SERVER-115508<br>* Platforms Affected: MongoDB prior to 8.0.17; any operating system, any version |
| Recommendation | Upgrade to the latest version of MongoDB (8.0.17 or later), available from the MongoDB download page at https://www.mongodb.com/download-center/community |
| Related URL | CVE-2025-14847 (CVE) |
| Related URL | 94929 (SecurityFocus) |