CVE-2025-14847 allows attackers to read any arbitrary data from the database's heap memory. It affects all MongoDB versions since 2017, here's a simple explanation:
My understanding is that it’s only slightly slower: the OS maintains a pool of zeroed pages anyway, so it’s not like your program has to iterate over all the addresses and write to them.
But it’s been a long time since I’ve done any C/C++ so I could be wrong.
My understanding is that it’s only slightly slower: the OS maintains a pool of zeroed pages anyway, so it’s not like your program has to iterate over all the addresses and write to them.
But it’s been a long time since I’ve done any C/C++ so I could be wrong.
TIL, I didn’t know that.