MongoDB Server 6.0.3: Agg Stage Null Mem Access (Zero-Arg)
CVE-2024-8654 Published on September 10, 2024

MongoDB Server may access non-initialized region of memory leading to unexpected behaviour
MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3.

NVD

Vulnerability Analysis

CVE-2024-8654 is exploitable with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Type

Use of Uninitialized Resource

The software uses or accesses a resource that has not been initialized. When a resource has not been properly initialized, the software may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the software.


Products Associated with CVE-2024-8654

Want to know whenever a new CVE is published for MongoDB? stack.watch will email you.

MongoDB
 

Affected Versions

MongoDB Inc MongoDB Server Version 6.0.3 is affected by CVE-2024-8654

Exploit Probability

EPSS
0.45%
Percentile
63.40%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.