12 matches found
CLSA-2026-1773757893 Fix CVE(s): CVE-2025-14847
SECURITY UPDATE: Unauthenticated heap memory disclosure via mismatched zlib compressed protocol headers MongoBleed - debian/patches/CVE-2025-14847.patch: Return actual decompressed size instead of buffer size in ZlibMessageCompressor::decompressData - CVE-2025-14847...
MongoDB 3.6.x / 4.0.x / 4.2.x / 4.4.x < 4.4.30 / 5.0.x < 5.0.32 / 6.0.x < 6.0.27 / 7.0.x < 7.0.28 / 8.0.x < 8.0.17 / 8.2.x < 8.2.3 Uninitialized Heap Memory Leak (CVE-2025-14847)
The version of MongoDB installed on the remote host is 3.6.x, 4.0.x, 4.2.x, 4.4.x prior to 4.4.30, 5.0.x prior to 5.0.32, 6.0.x prior to 6.0.27, 7.0.x prior to 7.0.28, 8.0.x prior to 8.0.17, or 8.2.x prior to 8.2.3. It is, therefore, affected by a uninitialized heap memeory leak vulnerability: -...
FreeBSD : MongoDB -- Improper Handling of Length Parameter Inconsistency (c1613867-df16-11f0-8870-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c1613867-df16-11f0-8870-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-115508 reports: Mismatched length fields in Zlib compressed...
CVE-2025-14847
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...
CVE-2025-14847
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...
CVE-2025-14847
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...
EUVD-2025-204529
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...
CVE-2025-14847
MongoDB vulnerability CVE-2025-14847 (MongoBleed) arises from mismatched length fields in zlib decompression headers, allowing unauthenticated read of uninitialized heap memory. Affected versions include MongoDB Server 3.6.x and 4.x lines (various latest vulnerable builds), 5.0.x, 6.0.x, 7.0.x, 8...
CVE-2025-14847 Zlib compressed protocol header length confusion may allow memory read
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...
Zlib compressed protocol header length confusion may allow memory read
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...
CVE-2025-14847 Zlib compressed protocol header length confusion may allow memory read
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...
CVE-2025-14847 Zlib compressed protocol header length confusion may allow memory read
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...