Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-5109

Comment on: "about/alerts.txt#security-related"

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • 01112017-cleanup
    • None
    • None

    Description

      03/25/2015 mongod Remotely trigger a denial of service (crash) via a specially crafted regular expression. 2.6.8 and earlier, 3.0.0 2.6.9 and 3.0.1 CVE-2015-2327, CVE-2015-2328 SERVER-17252

      SERVER-17252 references CVE-2014-8964 within the ticket, and does not mention either CVE-2015-232x ID on the alerts page. There is no public reference to those two CVEs, and no indication if this is a typo, problems in MongoDB, or problems in PCRE since the original ticket is based on issues in that package. Can you clarify what those two CVE IDs relate to?

      Attachments

        Activity

          People

            Unassigned Unassigned
            osvdb Brian Martin
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              8 years, 47 weeks ago