An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoDB Server version 8.2.0.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Mongodb |
|
No data.
No data.
References
| Link | Providers |
|---|---|
| https://jira.mongodb.org/browse/SERVER-105873 |
|
History
Tue, 21 Oct 2025 09:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mongodb
Mongodb mongodb |
|
| Vendors & Products |
Mongodb
Mongodb mongodb |
Mon, 20 Oct 2025 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 20 Oct 2025 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoDB Server version 8.2.0. | |
| Title | Use-after-free in the MongoDB server query planner may lead to crash or undefined behavior | |
| Weaknesses | CWE-416 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mongodb
Published: 2025-10-20T17:47:57.947Z
Updated: 2025-10-20T20:21:27.265Z
Reserved: 2025-10-20T17:38:55.869Z
Link: CVE-2025-11979
Vulnrichment
Updated: 2025-10-20T20:21:23.655Z
NVD
Status : Awaiting Analysis
Published: 2025-10-20T18:15:38.100
Modified: 2025-10-21T19:31:25.450
Link: CVE-2025-11979
Redhat
No data.