All Products
Document Center

[Vulnerability notice] MongoDB BSON remote DoS vulnerability

Last Updated: Apr 08, 2018

Vulnerability description

The MongoDB server cannot verify some malformed BSON instances, causing preauthentication failures. Malformed BSON messages can trigger exceptions on the server, resulting in breakdown.

Affected scope

MongoDB 2.4.12, 2.6.7, 3.0.0-rc8

How to fix

The official MongoDB website has released a patch, which can be downloaded from:

We recommend that you upgrade MongoDB to 2.4.13, 2.6.8, 3.0.0-rc9, or 3.1.0.