CVE-2015-2705
MongoDB is susceptible to a denial of service (crash) due to a failure to check for a missing value. When running with authentication, an attacker needs to be successfully authenticated into MongoDB and have write access to a database to be able to exploit this vulnerability. Remote attackers may cause a denial of service (crash). MongoDB 3.0.0 is affected by this issue. The fix is included in the 3.0.1 production release.
CVE-2015-2327, CVE-2015-2328
MongoDB ships with PCRE 8.30, which suffers from the following vulnerabilities:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8964
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8964
When running with authentication, users need to be successfully authenticated into MongoDB to be able to exploit these vulnerabilities. Remote attackers may cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. All MongoDB production releases prior to 2.6.9 and 3.0.1 are affected by this issue. The fix is included in the 2.6.9 and 3.0.1 production releases.
CVE-2015-1609
The MongoDB server fails to validate some cases of malformed BSON. This failure occurs pre-authentication. A specially crafted, malformed BSON message may trigger an uncaught exception in the server, resulting in a loss of availability. All MongoDB production releases up to 2.6.7 are affected by this issue. The fix is included in the 2.4.13 and 2.6.8 production releases.
Please check the following tutorial for any upgrade assistance: http://docs.mongodb.org/manual/tutorial/upgrade-revision/
Please mail us at managed-support@e2enetworks.com or support@e2enetworks.com, as applicable, for any queries that you may have.
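The fixed releases above differ by release branch, so a plain "older than X" comparison misclassifies servers (2.4.13 carries the BSON fix but is still prior to the PCRE fix in 2.6.9). The following check is an added example, not part of the original advisory or MongoDB's tooling; the function names and the host inventory are hypothetical, and it assumes a branch with no listed fix is affected only when it predates the newest fixed release.

```python
import re

# Data transcribed from the advisory text above: (id, first affected release
# or None for "all earlier releases", {release branch: first fixed release}).
ADVISORIES = [
    ("CVE-2015-2705", (3, 0, 0), {(3, 0): (3, 0, 1)}),
    ("CVE-2015-2327, CVE-2015-2328", None, {(2, 6): (2, 6, 9), (3, 0): (3, 0, 1)}),
    ("CVE-2015-1609", None, {(2, 4): (2, 4, 13), (2, 6): (2, 6, 8)}),
]


def parse_version(text):
    """Extract (major, minor, patch) from text such as 'db version v2.6.7'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version, introduced, fixed):
    """Branch-aware check: a fix on one branch does not cover older branches."""
    if introduced is not None and version < introduced:
        return False
    branch = version[:2]
    if branch in fixed:
        return version < fixed[branch]
    # Assumption: a branch with no listed fix is affected when it predates the
    # newest fixed release, and unaffected when it is newer than all of them.
    return version < max(fixed.values())


def applicable_advisories(version_text):
    """Return the advisory ids from this page that apply to a server version."""
    version = parse_version(version_text)
    return [cve for cve, introduced, fixed in ADVISORIES
            if is_affected(version, introduced, fixed)]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, banner in [("db-a", "db version v2.4.13"),
                         ("db-b", "db version v2.6.7"),
                         ("db-c", "db version v3.0.0"),
                         ("db-d", "db version v3.0.1")]:
        hits = applicable_advisories(banner)
        print(f"{host} {banner}: {'; '.join(hits) or 'none of the above'}")
```

Feed it the first line of `mongod --version` output collected from each server to see which of the three advisories still apply before scheduling the upgrade.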