CVE-2024-8654

CRITICAL9.8EPSS 0.45%

MongoDB Server may access non-initialized region of memory leading to unexpected behaviour

Published: 9/23/2025Modified: 9/23/2025

Description

MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3.

Affected packages (1)

Bitnami/mongodb>= 6.0.0, < 6.0.15

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (3)

WEBhttps://jira.mongodb.org/browse/SERVER-71477
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-8654
WEBhttps://security.netapp.com/advisory/ntap-20250516-0008/