Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-17264

improve bson validation

    XMLWordPrintable

    Details

      Description

      Issue Status as of Feb 17, 2015

      ISSUE SUMMARY
      The mongod server fails to validate some cases of malformed BSON. This failure occurs pre-authentication.

      USER IMPACT
      A specially crafted, malformed BSON message may trigger an uncaught exception in the server, resulting in a loss of availability.

      WORKAROUNDS
      There are no workarounds for this issue.

      AFFECTED VERSIONS
      All MongoDB production releases up to 2.6.7 are affected by this issue.

      FIX VERSION
      The fix is included in the 2.4.13 and 2.6.8 production releases.
      CVE-2015-1609 has been assigned to this issue.

      RESOLUTION DETAILS
      Reject malformed BSON data.

      ADDITIONAL NOTES
      Users may reduce their exposure by limiting network access to the server. See the MongoDB Security documentation page for more information on recommended security practices for your MongoDB deployment. This vulnerability was discovered by Xiaopeng Zhang of Fortinet's FortiGuard Labs and responsibly disclosed to MongoDB, Inc.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: