Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Fixed
Priority: Unknown
Fix Version/s: 1.12.1
Affects Version/s: None
Component/s: None
Labels:
None

Confidence Status:
None

Documentation Changes:
Not Needed
Documentation Changes Summary:

Hide

1. What would you like to communicate to the user about this feature?
2. Would you like the user to see examples of the syntax and/or executable code and its output?
3. Which versions of the driver/connector does this apply to?

Show
1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

Tracking PR #1291 to fix two possible conditions which could result in a potential denial of service of a client connected to a malicious MongoDB server.

readLengthBytes requires 4 bytes for the length to be included. Previously when reading a document from the wire this could result in a tight loop where an empty struct is appended to a slice repeatedly until the service runs out of memory (both CPU and memory consumption).
Fix a large memory allocation condition with Snappy decompression if a large size is encoded in the Snappy compressed / encoded portion of the bytes.

Assignee:: Qingyang Hu
Reporter:: Qingyang Hu
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Jun 12 2023 08:11:06 PM UTC
Updated:: Oct 28 2023 11:37:16 AM UTC
Resolved:: Jun 28 2023 07:21:03 PM UTC

Details

Description

Attachments

Activity

People

Dates