MongoDB could be made to expose sensitive information over the
network.
Software Description:
- mongodb: object/document-oriented database
Details:
It was discovered that MongoDB incorrectly handled length parameters
in zlib-compressed network messages prior to authentication. An
unauthenticated remote attacker could possibly use this issue to
cause MongoDB to allocate an oversized memory buffer, resulting
in the exposure of sensitive information.
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
mongodb 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
Available with Ubuntu Pro
mongodb-clients 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
Available with Ubuntu Pro
mongodb-server 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
Available with Ubuntu Pro
mongodb-server-core 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
mongodb 1:3.6.3-0ubuntu1.4+esm2
Available with Ubuntu Pro
mongodb-clients 1:3.6.3-0ubuntu1.4+esm2
Available with Ubuntu Pro
mongodb-server 1:3.6.3-0ubuntu1.4+esm2
Available with Ubuntu Pro
mongodb-server-core 1:3.6.3-0ubuntu1.4+esm2
Available with Ubuntu Pro
After a standard system update you need to restart the mongodb
service to make all the necessary changes.https://ubuntu.com/security/notices/USN-8160-1
CVE-2025-14847
Get the latest Linux and open source security news straight to your inbox.