Back

CVE-2024-8654

Sept. 10, 2024, 3:50 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

MongoDB Server

  • 6.0.0
  • 6.0.1
  • 6.0.2
  • 6.0.3

Source

cna@mongodb.com

Tags

cna@mongodb.com
CWE-908
2024-09-10
CVE-2024-8654

CVE-2024-8654 details

Published : Sept. 10, 2024, 2:15 p.m.
Last Modified : Sept. 10, 2024, 3:50 p.m.

Description

MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3.

CVSS Score

1 2 3 4 5.0 6 7 8 9 10

Weakness

Weakness Name Description
CWE-908 Use of Uninitialized Resource The product uses or accesses a resource that has not been initialized.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

Base Score

5.0

Exploitability Score

1.6

Impact Score

3.4

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

References

URL Source
https://jira.mongodb.org/browse/SERVER-71477 cna@mongodb.com
This website uses the NVD API, but is not approved or certified by it.