{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-10921","assignerOrgId":"a39b4221-9bd0-4244-95fc-f3e2e07f1deb","state":"PUBLISHED","assignerShortName":"mongodb","dateReserved":"2024-11-06T13:26:36.873Z","datePublished":"2024-11-14T16:04:04.062Z","dateUpdated":"2024-11-15T09:45:56.720Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.7:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.8:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.9:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.10:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.11:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.12:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.13:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.14:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.15:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.16:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.17:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.18:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.19:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.20:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.21:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.22:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.23:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.24:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.25:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.26:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.27:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.28:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:5.0.29:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:
*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.17:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:6.0.18:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:8.0.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:8.0.2:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"MongoDB Server","vendor":"MongoDB 
Inc","versions":[{"lessThan":"5.0.30","status":"affected","version":"5.0","versionType":"custom"},{"lessThan":"6.0.19","status":"affected","version":"6.0","versionType":"custom"},{"lessThan":"7.0.15","status":"affected","version":"7.0","versionType":"custom"},{"lessThan":"8.0.3","status":"affected","version":"8.0","versionType":"custom"}]}],"datePublic":"2024-11-14T16:02:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: transparent;\">An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30, MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2.</span> <br>"}],"value":"An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. 
This issue affects MongoDB Server v5.0 versions prior to 5.0.30, MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-158","description":"CWE-158: Improper Neutralization of Null Byte or NUL Character","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"a39b4221-9bd0-4244-95fc-f3e2e07f1deb","shortName":"mongodb","dateUpdated":"2024-11-15T09:45:56.720Z"},"references":[{"url":"https://jira.mongodb.org/browse/SERVER-96419"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Customers and users should promptly upgrade to a patched version of the MongoDB Server product.  At the time of publication, no misuse of this issue has been observed.<br><br>"}],"value":"Customers and users should promptly upgrade to a patched version of the MongoDB Server product.  
At the time of publication, no misuse of this issue has been observed."}],"source":{"discovery":"INTERNAL"},"title":"Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-14T17:00:58.644599Z","id":"CVE-2024-10921","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-14T17:02:00.691Z"}}]}}