[SERVER-14268] Potential information leak - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.4.11, 2.6.4, 2.7.5
Component/s: Security
Labels:

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Completed:

2.4.11, 2.6.4
Sprint:
Server 2.7.3, Server 2.7.4, Server 2.7.5

Description

Issue Status as of Aug 08, 2014

ISSUE SUMMARY
Using a specially crafted message, a remote user could obtain a limited amount of information from the server heap memory.

USER IMPACT
Potentially sensitive information could be disclosed from the server.

WORKAROUNDS
Implement MongoDB Security Best Practices and ensure access to the database server is restricted.

AFFECTED VERSIONS
MongoDB production releases up to 2.6.3 are affected by this issue.

FIX VERSION
The fix is included in the 2.6.4 production release.

RESOLUTION DETAILS
The response sent by the server returns only validated data.

Attachments

Activity

People

Assignee:: Mark Benvenuto

Reporter:: Daniel Medina (Inactive)

Participants:: Daniel Medina, Githook User, Mark Benvenuto

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Created:: Jun 16 2014 04:10:53 PM UTC

Updated:: Apr 21 2017 08:06:43 PM UTC

Resolved:: Jul 30 2014 04:19:11 PM UTC