CVE-2024-8654 MEDIUM

CVE-2024-8654: MongoDB Server may access non-initialized region of memory leading to unexpected behaviour

Vendor: MongoDB Inc
Product: MongoDB Server
Weakness: CWE-908
Published: September 10, 2024
Last update: May 16, 2025

CVSS base score

5.0/10
Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

MongoDB Server may access a non-initialized region of memory, leading to unexpected behaviour, when zero arguments are called in an internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3.

Key dates

02 Disclosure timeline

September 10, 2024: CVE published
May 16, 2025: Record updated