Core Server / SERVER-103153

MongoDB Server may crash due to improper validation of explain command

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: None
    • Fully Compatible
    • ALL

      CVE ID:

      TBD

      Title:
      MongoDB Server may crash due to improper validation of explain command 

      Description:

      When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Server v8.0 prior to 8.0.4.

      CVSS Score: 
      6.5 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 

      List all affected product versions: 

      MongoDB Server v5.0 prior to 5.0.31

      MongoDB Server v6.0 prior to 6.0.20

      MongoDB Server v7.0 prior to 7.0.16

      MongoDB Server v8.0 prior to 8.0.4

      CWE: 

      CWE-703: Improper Check or Handling of Exceptional Conditions
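
The affected-version ranges above, turned into a triage check over a version inventory. This is an added example, not code from MongoDB or from this ticket; the inventory, host names, roles and the handling of pre-release tags are assumptions.

```python
import re

# Fixed patch release per affected series, taken from the advisory text.
FIXED_PATCH = {(5, 0): 31, (6, 0): 20, (7, 0): 16, (8, 0): 4}

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$")


def classify(version):
    """Return 'affected', 'fixed', 'unlisted' or 'unparseable'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # The advisory says nothing about this series; do not report it as safe.
        return "unlisted"
    if patch < fixed:
        return "affected"
    # Assumption: a pre-release tag on the fixed version (e.g. 8.0.4-rc0)
    # sorts before the release, so it is treated as "prior to" it.
    if patch == fixed and m.group(4):
        return "affected"
    return "fixed"


def upgrade_targets(inventory):
    """Return affected hosts, mongos routers first (the crash is described there)."""
    hits = [h for h in inventory if classify(h["version"]) == "affected"]
    hits.sort(key=lambda h: (h["role"] != "mongos", h["host"]))
    return [h["host"] for h in hits]


# Constructed sample inventory; host names and roles are hypothetical.
INVENTORY = [
    {"host": "shard-a1", "role": "mongod", "version": "7.0.15"},
    {"host": "router-1", "role": "mongos", "version": "8.0.3"},
    {"host": "router-2", "role": "mongos", "version": "8.0.4"},
    {"host": "router-3", "role": "mongos", "version": "6.0.20-rc1"},
    {"host": "legacy-1", "role": "mongod", "version": "4.4.29"},
]

if __name__ == "__main__":
    for h in INVENTORY:
        print(h["host"], h["role"], h["version"], classify(h["version"]))
    print("upgrade first:", upgrade_targets(INVENTORY))
```

Series the advisory does not list come back as `unlisted` rather than `fixed`, so they are checked against the vendor's support policy instead of being assumed safe.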

            Assignee:
            karman.liu@mongodb.com Karman Liu
            Reporter:
            karman.liu@mongodb.com Karman Liu