CVE-2025-14847 allows attackers to read any arbitrary data from the database's heap memory. It affects all MongoDB versions since 2017. Here's a simple explanation:
TL;DR: use calloc instead of malloc
Doesn’t that make it slower because it needs to zero out all the bytes first?
My understanding is that it’s only slightly slower: the OS maintains a pool of zeroed pages anyway, so it’s not like your program has to iterate over all the addresses and write to them.
But it’s been a long time since I’ve done any C/C++ so I could be wrong.
TIL, I didn’t know that.
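An added illustration of the malloc-versus-calloc point in this thread; it is not code from the thread or from MongoDB, and it does not reproduce CVE-2025-14847. It shows a reply buffer that is sized larger than the bytes written into it, with `build_reply`, `stale_bytes` and `demo` as hypothetical names and the "secret" as constructed sample data.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: allocate `claimed_len` bytes for a reply but write only
 * `payload_len` of them. `zeroed` selects calloc instead of malloc. */
static unsigned char *build_reply(const char *payload, size_t payload_len,
                                  size_t claimed_len, int zeroed)
{
    if (payload_len > claimed_len)
        return NULL;                       /* never write past the allocation */
    unsigned char *buf = zeroed ? calloc(1, claimed_len) : malloc(claimed_len);
    if (buf != NULL)
        memcpy(buf, payload, payload_len);
    return buf;
}

/* Count non-zero bytes in the region the code never wrote to. */
static size_t stale_bytes(const unsigned char *buf, size_t written, size_t total)
{
    size_t n = 0;
    for (size_t i = written; i < total; i++)
        n += (buf[i] != 0);
    return n;
}

/* Place constructed data on the heap, free it, then build a same-sized reply
 * and report how many of its unwritten bytes are non-zero. */
static size_t demo(int zeroed)
{
    enum { SIZE = 256 };
    char *secret = malloc(SIZE);
    if (secret == NULL) return 0;
    for (size_t i = 0; i < SIZE; i++)      /* volatile: keep the stores */
        ((volatile char *)secret)[i] = 'S';
    free(secret);                          /* free() does not clear contents */
    unsigned char *reply = build_reply("ok", 2, SIZE, zeroed);
    if (reply == NULL) return 0;
    size_t n = stale_bytes(reply, 2, SIZE);
    free(reply);
    return n;
}

int main(void)
{
    /* The malloc count depends on the allocator; the calloc count is 0. */
    printf("malloc: %zu stale bytes\n", demo(0));
    printf("calloc: %zu stale bytes\n", demo(1));
    return 0;
}
```

Zeroing only hides stale data; the reply length should still be bounded by the number of bytes actually written.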