Details
-
Bug
-
Resolution: Done
-
Major - P3
-
None
-
None
-
*Location*: http://www.mongodb.org/about/alerts/#security-related
*User-Agent*: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.17
*Screen Resolution*: 1920 x 1080
*repo*: mongodb-www-about
*source*: alerts
Description
03/25/2015 mongod Remotely trigger a denial of service (crash) via a specially crafted regular expression. 2.6.8 and earlier, 3.0.0 2.6.9 and 3.0.1 CVE-2015-2327, CVE-2015-2328 SERVER-17252
SERVER-17252 references CVE-2014-8964 within the ticket, and does not mention either CVE-2015-232x ID on the alerts page. There is no public reference to those two CVEs, and no indication if this is a typo, problems in MongoDB, or problems in PCRE since the original ticket is based on issues in that package. Can you clarify what those two CVE IDs relate to?