CVE-2014-3971
MongoDB 2.6.x - Denial of Service via Invalid X.509 Client Certificate Authentication
Title source: llmDescription
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.
References (2)
Core 2
Core References
Patch x_refsource_confirm
https://github.com/mongodb/mongo/commit/c151e0660b9736fe66b224f1129a16871165251b
Vendor Advisory x_refsource_confirm
https://jira.mongodb.org/browse/SERVER-13753
Scores
EPSS
0.0146
EPSS Percentile
70.4%
Details
CWE
CWE-20
Status
published
Products (2)
mongodb/mongodb
2.6.0
mongodb/mongodb
2.6.1
Published
Dec 25, 2014
Tracked Since
Feb 18, 2026