{"id":"CVE-2024-8305","summary":"MongoDB Server secondaries may crash due to forced index constraints","details":"prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4","aliases":["BIT-mongodb-2024-8305"],"modified":"2026-05-19T03:18:35.362608Z","published":"2024-10-21T14:10:31.079Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"introduced":"6.0"},{"fixed":"6.0.17"},{"introduced":"7.0"},{"fixed":"7.0.13"},{"introduced":"7.3"},{"fixed":"7.3.4"}],"source":"AFFECTED_FIELD"}],"cwe_ids":["CWE-1288"],"cna_assigner":"mongodb","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/8xxx/CVE-2024-8305.json"},"references":[{"type":"WEB","url":"https://jira.mongodb.org/browse/SERVER-92382"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/8xxx/CVE-2024-8305.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8305"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"e61bf27c2f6a83fed36e5a13c008a32d563babe2"},{"fixed":"04582a1f37ad7812d26c031fb0edd9d1a48d925f"},{"introduced":"37d84072b5c5b9fd723db5fa133fb202ad2317f1"},{"fixed":"a2a46542e8d79a8b4937ed51e84dc918caf26783"},{"introduced":"b4d4f7026332c345edc52f9687e509f74e95a0fb"},{"fixed":"81c102cee43550f6932367f668d766e39c60cffd"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"6.0.0"},{"fixed":"6.0.17"},{"introduced":"7.0.0"},{"fixed":"7.0.13"},{"introduced":"7.3.0"},{"fixed":"7.3.4"}],"cpe":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*"}}],"versions":["r7.0.13-rc0","r7.3.4-rc1","r7.3.4-rc0","r7.0.12-rc1","r7.0.12","r7.0.12-rc0","r6.0.16-rc0","r6.0.16","r7.3.3-rc0","r7.3.3","r7.0.11-rc2","r7.0.11","r7.0.11-rc1","r7.0.11-rc0","r7.0.10-rc0","r7.0.10","r7.3.2-rc1","r7.3.2","r7.0.9-rc1","r7.0.9","r7.3.2-rc0","r7.0.9-rc0","r6.0.15-rc0","r6.0.15","r7.0.8-rc0","r7.0.8","r7.3.1-rc2","r7.3.1","r7.3.1-rc1","r7.3.1-rc0","r7.3.0","r7.0.7-rc2","r7.0.7","r7.0.7-rc1","r7.0.7-rc0","r6.0.14-rc1","r6.0.14","r7.0.6-rc0","r7.0.6","r6.0.14-rc0","r6.0.13-rc0","r6.0.13","r7.0.5-rc0","r7.0.5","r6.0.12-rc1","r6.0.12","r7.0.4-rc0","r7.0.4","r6.0.12-rc0","r7.0.3-rc1","r7.0.3","r7.0.3-rc0","r6.0.11-rc0","r6.0.11","r7.0.2-rc2","r7.0.2","r7.0.2-rc1","r7.0.2-rc0","r6.0.10-rc0","r6.0.10","r7.0.1-rc0","r7.0.1","r7.0.0","r6.0.9-rc1","r6.0.9","r6.0.9-rc0","r6.0.8-rc0","r6.0.8","r6.0.7-rc0","r6.0.7","r6.0.6-rc1","r6.0.6","r6.0.6-rc0","r6.0.5-rc1","r6.0.5","r6.0.5-rc0","r6.0.4-rc1","r6.0.4-rc0","r6.0.4","r6.0.3-rc2","r6.0.3-rc1","r6.0.3","r6.0.3-rc0","r6.0.2-rc1","r6.0.2","r6.0.2-rc0","r6.0.1-rc0","r6.0.1","r6.0.0"],"database_specific":{"vanir_signatures":[{"deprecated":false,"id":"CVE-2024-8305-1f8fa0ad","digest":{"length":1704,"function_hash":"64357972036740609456948839495237562266"},"target":{"function":"ReplicationRecoveryImpl::_recoverFromUnstableCheckpoint","file":"src/mongo/db/repl/replication_recovery.cpp"},"signature_type":"Function","source":"https://github.com/mongodb/mongo/commit/a2a46542e8d79a8b4937ed51e84dc918caf26783","signature_version":"v1"},{"deprecated":false,"id":"CVE-2024-8305-35ac3546","digest":{"threshold":0.9,"line_hashes":["326842396787406145534793904146985080026","98225685305329925305884694932550041059","232686151851513936437776935437413726252","89833456694645892458988448383188269458"]},"target":{"file":"src/mongo/db/repl/initial_syncer.cpp"},"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/a2a46542e8d79a8b4937ed51e84dc918caf26783","signature_version":"v1"},{"deprecated":false,"id":"CVE-2024-8305-376290c6","digest":{"threshold":0.9,"line_hashes":["28589998682562525413596022271160355341","194374094684355474476908738659148271619","4188047263567901491143630018897136647","337234258102253289734233704776410018156"]},"target":{"file":"src/mongo/db/storage/storage_engine.h"},"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/a2a46542e8d79a8b4937ed51e84dc918caf26783","signature_version":"v1"},{"deprecated":false,"id":"CVE-2024-8305-4daf38b2","digest":{"threshold":0.9,"line_hashes":["325443905775926411274704186588080013086","175372965926262633626569011886527940697","101387764311428377924643788174618235066","111234080482365044480395967755144219808"]},"target":{"file":"src/mongo/db/storage/storage_engine_mock.h"},"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/a2a46542e8d79a8b4937ed51e84dc918caf26783","signature_version":"v1"},{"deprecated":false,"id":"CVE-2024-8305-5dcb33b8","digest":{"length":4721,"function_hash":"63122628539287415540416800121444350254"},"target":{"function":"ValidateAdaptor::traverseRecordStore","file":"src/mongo/db/catalog/validate_adaptor.cpp"},"signature_type":"Function","source":"https://github.com/mongodb/mongo/commit/04582a1f37ad7812d26c031fb0edd9d1a48d925f","signature_version":"v1"},{"deprecated":false,"id":"CVE-2024-8305-6b2e3b72","digest":{"threshold":0.9,"line_hashes":["261952763206405642134690429605191585877","271478991487996520618015210732696954446","234299204169543201911245220898104603785","288451933156282113256724202399401654826","115137640604292801327516349249931990715","6585160960140908694649108225974791971","266892887870188946029918634770063796155","284309024758396087888681093502270350735","17857081574361893251912204911921639997"]},"target":{"file":"src/mongo/dbtests/repltests.cpp"},"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/a2a46542e8d79a8b4937ed51e84dc918caf26783","signature_version":"v1"},{"deprecated":false,"id":"CVE-2024-8305-84cbf5bb","digest":{"length":129,"function_hash":"142210671153381720131171986219809606833"},"target":{"function":"StorageEngineImpl::setOldestTimestamp","file":"src/mongo/db/storage/storage_engine_impl.cpp"},"signature_type":"Function","source":"https://github.com/mongodb/mongo/commit/a2a46542e8d79a8b4937ed51e84dc918caf26783","signature_version":"v1"},{"deprecated":false,"id":"CVE-2024-8305-8e705a99","digest":{"length":883,"function_hash":"94949086671452012181762042744083795361"},"target":{"function":"createInitialSyncerOptions","file":"src/mongo/db/repl/replication_coordinator_impl.cpp"},"signature_type":"Function","source":"https://github.com/mongodb/mongo/commit/a2a46542e8d79a8b4937ed51e84dc918caf26783","signature_version":"v1"},{"deprecated":false,"id":"CVE-2024-8305-a2372d8b","digest":{"threshold":0.9,"line_hashes":["194319675669539997791977208055783058189","205554152611466755913412119475320461924","280207873070755710073966152263326228776","198941670053846996361854903783259323957"]},"target":{"file":"src/mongo/db/storage/storage_engine_impl.h"},"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/a2a46542e8d79a8b4937ed51e84dc918caf26783","signature_version":"v1"},{"deprecated":false,"id":"CVE-2024-8305-a8bedd1a","digest":{"threshold":0.9,"line_hashes":["186458699316289775049893829013655136670","139947347126869824761532831035953675329","248777454184683961575549506198531748988","19311117635755955518004454548345803917"]},"target":{"file":"src/mongo/db/repl/replication_coordinator_impl.cpp"},"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/a2a46542e8d79a8b4937ed51e84dc918caf26783","signature_version":"v1"},{"deprecated":false,"id":"CVE-2024-8305-b91e05c1","digest":{"threshold":0.9,"line_hashes":["340014884488232753919019511630862689283","79509821074501617333093313337911058496","180062606197285633575571287136177211914","175139048730411564914761528241578898238"]},"target":{"file":"src/mongo/db/storage/storage_engine_impl.cpp"},"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/a2a46542e8d79a8b4937ed51e84dc918caf26783","signature_version":"v1"},{"deprecated":false,"id":"CVE-2024-8305-bc473ccd","digest":{"length":2836,"function_hash":"114141502866973096821326490108083979972"},"target":{"function":"ReplicationRecoveryImpl::_applyOplogOperations","file":"src/mongo/db/repl/replication_recovery.cpp"},"signature_type":"Function","source":"https://github.com/mongodb/mongo/commit/a2a46542e8d79a8b4937ed51e84dc918caf26783","signature_version":"v1"},{"deprecated":false,"id":"CVE-2024-8305-c7b726e3","digest":{"threshold":0.9,"line_hashes":["296297611723228230632191705919741630935","52817330115629122116194237336509965249","124018979596105062877729520094690482966","199353160034049479995727797787883742725","321746006861070856001741367040342332074","103494199661243871524304338113472003984","105464411898963475141543453914734944563"]},"target":{"file":"src/mongo/db/catalog/validate_adaptor.cpp"},"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/04582a1f37ad7812d26c031fb0edd9d1a48d925f","signature_version":"v1"},{"deprecated":false,"id":"CVE-2024-8305-cb7199a1","digest":{"threshold":0.9,"line_hashes":["46456942629359577793561500059700196451","269868989697803615970593634756965255240","340008620066817223720262269858614005869","124511813911024298877651090127842742244","10713229332756611835746468259589815206","52280162865906530780169287230558504506","319824898322229174993938662960766091728","301364495411856469262520442508543897097"]},"target":{"file":"src/mongo/db/repl/replication_recovery.cpp"},"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/a2a46542e8d79a8b4937ed51e84dc918caf26783","signature_version":"v1"}],"vanir_signatures_modified":"2026-05-19T03:18:35Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8305.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}