24.5 C
Canberra
Saturday, January 3, 2026
HomeCyber Security
Cyber Security

New MongoDB Flaw Lets Unauthenticated Attackers Learn Uninitialized Reminiscence

sales@avisionmarketing.com
By sales@avisionmarketing.com
0
3
New MongoDB Flaw Lets Unauthenticated Attackers Learn Uninitialized Reminiscence


Dec 27, 2025Ravie LakshmananDatabase Safety / Vulnerability

New MongoDB Flaw Lets Unauthenticated Attackers Learn Uninitialized Reminiscence

A high-severity safety flaw has been disclosed in MongoDB that might enable unauthenticated customers to learn uninitialized heap reminiscence.

The vulnerability, tracked as CVE-2025-14847 (CVSS rating: 8.7), has been described as a case of improper dealing with of size parameter inconsistency, which arises when a program fails to appropriately deal with eventualities the place a size subject is inconsistent with the precise size of the related information.

“Mismatched size fields in Zlib compressed protocol headers might enable a learn of uninitialized heap reminiscence by an unauthenticated consumer,” in accordance with a description of the flaw in CVE.org.

Cybersecurity

The flaw impacts the next variations of the database –

  • MongoDB 8.2.0 by 8.2.3
  • MongoDB 8.0.0 by 8.0.16
  • MongoDB 7.0.0 by 7.0.26
  • MongoDB 6.0.0 by 6.0.26
  • MongoDB 5.0.0 by 5.0.31
  • MongoDB 4.4.0 by 4.4.29
  • All MongoDB Server v4.2 variations
  • All MongoDB Server v4.0 variations
  • All MongoDB Server v3.6 variations

The problem has been addressed in MongoDB variations 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30.

“An client-side exploit of the Server’s zlib implementation can return uninitialized heap reminiscence with out authenticating to the server,” MongoDB mentioned. “We strongly advocate upgrading to a hard and fast model as quickly as doable.”

Cybersecurity

If instant replace shouldn’t be an possibility, it is really helpful to disable zlib compression on the MongoDB Server by beginning mongod or mongos with a networkMessageCompressors or a internet.compression.compressors possibility that explicitly omits zlib. The opposite compressor choices supported by MongoDB are snappy and zstd.

“CVE-2025-14847 permits a distant, unauthenticated attacker to set off a situation by which the MongoDB server might return uninitialized reminiscence from its heap,” OP Innovate mentioned. “This might outcome within the disclosure of delicate in-memory information, together with inner state data, pointers, or different information which will help an attacker in additional exploitation.”

Previous article
EDL 017: The Way forward for drones in Golf course administration – A Dialog with Graham Heinrich
Next article
How Taxbit achieved value financial savings and sooner processing occasions utilizing Amazon S3 Tables
sales@avisionmarketing.com
sales@avisionmarketing.comhttp://osrtech.net

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

[td_block_social_counter facebook="tagdiv" twitter="tagdivofficial" youtube="tagdiv" style="style8 td-social-boxed td-social-font-icons" tdc_css="eyJhbGwiOnsibWFyZ2luLWJvdHRvbSI6IjM4IiwiZGlzcGxheSI6IiJ9LCJwb3J0cmFpdCI6eyJtYXJnaW4tYm90dG9tIjoiMzAiLCJkaXNwbGF5IjoiIn0sInBvcnRyYWl0X21heF93aWR0aCI6MTAxOCwicG9ydHJhaXRfbWluX3dpZHRoIjo3Njh9" custom_title="Stay Connected" block_template_id="td_block_template_8" f_header_font_family="712" f_header_font_transform="uppercase" f_header_font_weight="500" f_header_font_size="17" border_color="#dd3333"]
- Advertisement -spot_img

Latest Articles

Load more

ABOUT US

Osrtech is your Technology, Nanotechnology, 3D Printing, Cloud Computing, Robotics, IOS Development, Big Data, Telecom, Cyber Security, 3D Printing and Artificial Intelligence related news website. We provide you with the latest breaking news and videos straight from the Tech industry.

Copyright © osrtech.net. All rights reserved.