A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript (for example, via $where or $function) can cause the server to access memory that has already been freed. This may result in disclosure of information from the mongod process memory or a denial of service through a server crash.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XMongodb
APPMongodb4.4.0 – 4.4.31 (bez)5.0.0 – 5.0.34 (bez)6.0.0 – 6.0.29 (bez)7.0.0 – 7.0.37 (bez)8.0.0 – 8.0.26 (bez)8.2.0 – 8.2.11 (bez)8.3.0 – 8.3.4 (bez)
Related vulnerabilities
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMe...
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by ...
A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Cli...
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod p...
When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" param...