CVE-2016-3104

Published: Apr 14, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.

Affected (2)

Products: Mongodb: Mongodb

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mongodb Mongodb	Version 2.4.0
Mongodb Mongodb	Version 2.6.0

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (6)

http://www.securityfocus.com/bid/94929

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1324496

Source: secalert@redhat.com

Issue TrackingThird Party AdvisoryVDB Entry

https://jira.mongodb.org/browse/SERVER-24378

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/94929

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1324496

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party AdvisoryVDB Entry

https://jira.mongodb.org/browse/SERVER-24378

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.