CVE-2024-3372

Name	CVE-2024-3372
Description	Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
mongodb (PTS)	jessie	1:2.4.10-5+deb8u1	vulnerable
	stretch (security), stretch (lts), stretch	1:3.2.11-2+deb9u2	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
mongodb	source	jessie	(unfixed)	end-of-life
mongodb	source	stretch	(unfixed)	end-of-life
mongodb	source	(unstable)	(unfixed)