Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.4.11, 2.6.4, 2.7.5
Affects Version/s: None
Component/s: Security
Labels:

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Completed:

2.4.11, 2.6.4
Sprint:
Server 2.7.3, Server 2.7.4, Server 2.7.5
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

Issue Status as of Aug 08, 2014

ISSUE SUMMARY
Using a specially crafted message, a remote user could obtain a limited amount of information from the server heap memory.

USER IMPACT
Potentially sensitive information could be disclosed from the server.

WORKAROUNDS
Implement MongoDB Security Best Practices and ensure access to the database server is restricted.

AFFECTED VERSIONS
MongoDB production releases up to 2.6.3 are affected by this issue.

FIX VERSION
The fix is included in the 2.6.4 production release.

RESOLUTION DETAILS
The response sent by the server returns only validated data.

Assignee:: Mark Benvenuto
Reporter:: Daniel Medina (Inactive)
Participants:: Daniel Medina, Githook User, Mark Benvenuto
Votes:: 0 Vote for this issue
Watchers:: 11 Start watching this issue

Created:: Jun 16 2014 04:10:53 PM UTC
Updated:: Apr 21 2017 08:06:43 PM UTC
Resolved:: Jul 30 2014 04:19:11 PM UTC