Lucene search
K

12 matches found

OSV
OSV
added 2026/03/17 2:31 p.m.10 views

CLSA-2026-1773757893 Fix CVE(s): CVE-2025-14847

SECURITY UPDATE: Unauthenticated heap memory disclosure via mismatched zlib compressed protocol headers MongoBleed - debian/patches/CVE-2025-14847.patch: Return actual decompressed size instead of buffer size in ZlibMessageCompressor::decompressData - CVE-2025-14847...

8.7CVSS5.9AI score0.83007EPSS
Exploits39References1
Tenable Nessus
Tenable Nessus
added 2025/12/29 12:0 a.m.17 views

MongoDB 3.6.x / 4.0.x / 4.2.x / 4.4.x < 4.4.30 / 5.0.x < 5.0.32 / 6.0.x < 6.0.27 / 7.0.x < 7.0.28 / 8.0.x < 8.0.17 / 8.2.x < 8.2.3 Uninitialized Heap Memory Leak (CVE-2025-14847)

The version of MongoDB installed on the remote host is 3.6.x, 4.0.x, 4.2.x, 4.4.x prior to 4.4.30, 5.0.x prior to 5.0.32, 6.0.x prior to 6.0.27, 7.0.x prior to 7.0.28, 8.0.x prior to 8.0.17, or 8.2.x prior to 8.2.3. It is, therefore, affected by a uninitialized heap memeory leak vulnerability: -...

8.7CVSS7.5AI score0.83007EPSS
Exploits39References2
Tenable Nessus
Tenable Nessus
added 2025/12/22 12:0 a.m.6 views

FreeBSD : MongoDB -- Improper Handling of Length Parameter Inconsistency (c1613867-df16-11f0-8870-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c1613867-df16-11f0-8870-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-115508 reports: Mismatched length fields in Zlib compressed...

8.7CVSS8.2AI score0.83007EPSS
Exploits39References3
RedhatCVE
RedhatCVE
added 2025/12/20 11:13 a.m.10 views

CVE-2025-14847

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

8.7CVSS6.9AI score0.83007EPSS
Exploits39References1
NVD
NVD
added 2025/12/19 11:15 a.m.11 views

CVE-2025-14847

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

8.7CVSS0.83007EPSS
Exploits39References6
UbuntuCve
UbuntuCve
added 2025/12/19 11:15 a.m.9 views

CVE-2025-14847

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

8.7CVSS7AI score0.83007EPSS
Exploits39References4
EUVD
EUVD
added 2025/12/19 11:0 a.m.8 views

EUVD-2025-204529

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

8.7CVSS6.4AI score0.83007EPSS
Exploits39References2
CVE
CVE
added 2025/12/19 11:0 a.m.682 views

CVE-2025-14847

MongoDB vulnerability CVE-2025-14847 (MongoBleed) arises from mismatched length fields in zlib decompression headers, allowing unauthenticated read of uninitialized heap memory. Affected versions include MongoDB Server 3.6.x and 4.x lines (various latest vulnerable builds), 5.0.x, 6.0.x, 7.0.x, 8...

8.7CVSS6.5AI score0.83007EPSS
In wildExploits39References6Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/19 11:0 a.m.8 views

CVE-2025-14847 Zlib compressed protocol header length confusion may allow memory read

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

8.7CVSS6.5AI score0.83007EPSS
Exploits39References1
MongoDB
MongoDB
added 2025/12/19 11:0 a.m.20 views

Zlib compressed protocol header length confusion may allow memory read

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

8.7CVSS7AI score0.83007EPSS
Exploits39References1Affected Software1
OSV
OSV
added 2025/12/19 11:0 a.m.10 views

CVE-2025-14847 Zlib compressed protocol header length confusion may allow memory read

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

8.7CVSS7.2AI score0.83007EPSS
Exploits39References8
Cvelist
Cvelist
added 2025/12/19 11:0 a.m.41 views

CVE-2025-14847 Zlib compressed protocol header length confusion may allow memory read

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

8.7CVSS0.83007EPSS
Exploits39References1
Rows per page
Query Builder