Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-17278

BSON BinData validation enforcement

    XMLWordPrintable

    Details

    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Completed:
    • Sprint:
      Security [00-02-20-15]

      Description

      Issue Status as of Feb 17, 2015

      ISSUE SUMMARY
      The mongod server fails to validate some cases of malformed BSON.

      USER IMPACT
      Upon receiving a specially crafted, malformed BSON message the thread serving the connection may go into an infinite loop, which may result in a loss of availability.

      WORKAROUNDS
      There are no workarounds. Users may reduce their exposure by limiting network access to the server. See the MongoDB Security documentation page for more information on recommended security practices for your MongoDB deployment.

      AFFECTED VERSIONS
      All MongoDB production releases up to 2.6.7 are affected by this issue.

      FIX VERSION
      The fix is included in the 2.4.13 and 2.6.8 production releases.

      RESOLUTION DETAILS
      Reject malformed BSON data.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: