CVE-2025-14847 allows attackers to read any arbitrary data from the database's heap memory. It affects all MongoDB versions since 2017. Here's a simple explanation:
Doesn’t that make it slower because it needs to zero out all the bytes first?
My understanding is that it’s only slightly slower: the OS maintains a pool of zeroed pages anyway, so it’s not like your program has to iterate over all the addresses and write to them.
But it’s been a long time since I’ve done any C/C++ so I could be wrong.
TIL, I didn’t know that.