CVE-2024-3374
MongoDB Server (mongod) may crash when generating ftdc
Severity: 5.3 MEDIUM (CVSS 3.1)
EPSS: 0.61%
Description
An unauthenticated user can trigger a fatal assertion in the server while it generates FTDC (Full Time Diagnostic Data Capture) metrics, because the server attempts to build a BSON object that exceeds certain memory size limits; the failed assertion terminates the mongod process (denial of service). This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.
How to fix CVE-2024-3374
To remediate CVE-2024-3374, upgrade the affected package to a fixed version listed below.
- MongoDB Server 5.0.x: upgrade to 5.0.26 or later.
- MongoDB Server 6.0.x: the affected range listed under "Affected packages" ends at 6.0.15, so upgrade to 6.0.15 or later.
Is CVE-2024-3374 being exploited?
Low: EPSS is 0.6%, a low estimated probability of exploitation in the wild; exploitation activity has not been observed at scale.
Affected packages (1)
- MongoDB Server (mongod): >= 5.0.0 and < 5.0.26; >= 6.0.0 and < 6.0.15
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (5.3) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |