Home
HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NHIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HDefault status
unaffected
8.3.0 (custom) before 8.3.3
affected
8.2.0 (custom) before 8.2.10
affected
8.0.0 (custom) before 8.0.24
affected
7.0.0 (custom) before 7.0.35
affected
Description
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions, where each re-entry resets internal depth tracking.
Problem types
CWE-674 Uncontrolled Recursion
Product status
8.3.0 (custom) before 8.3.3
8.2.0 (custom) before 8.2.10
8.0.0 (custom) before 8.0.24
7.0.0 (custom) before 7.0.35
References
jira.mongodb.org/browse/SERVER-125063