Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.4.13, 2.6.8, 3.0.0-rc9, 3.1.0
Affects Version/s: 3.0.0-rc8
Component/s: Security, Stability
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Completed:

2.4.13, 2.6.8, 3.0.0-rc9
Sprint:
Security [00-02-20-15]
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

Issue Status as of Feb 17, 2015

ISSUE SUMMARY
The mongod server fails to validate some cases of malformed BSON.

USER IMPACT
Upon receiving a specially crafted, malformed BSON message the thread serving the connection may go into an infinite loop, which may result in a loss of availability.

WORKAROUNDS
There are no workarounds. Users may reduce their exposure by limiting network access to the server. See the MongoDB Security documentation page for more information on recommended security practices for your MongoDB deployment.

AFFECTED VERSIONS
All MongoDB production releases up to 2.6.7 are affected by this issue.

FIX VERSION
The fix is included in the 2.4.13 and 2.6.8 production releases.

RESOLUTION DETAILS
Reject malformed BSON data.

Assignee:: Spencer Jackson
Reporter:: Andreas Nilsson (Inactive)
Participants:: Andreas Nilsson, Githook User, Spencer Jackson
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Feb 13 2015 04:57:24 PM UTC
Updated:: Sep 18 2015 10:39:34 PM UTC
Resolved:: Feb 13 2015 10:04:46 PM UTC

Details

Description

Attachments

Activity

People

Dates