Core Server / SERVER-50170

Fix server selection failure on mongos

Details

    • Task
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 4.4.1
    • None
    • Fully Compatible
    • v4.4

    Description

      CVE-2020-7926

      Title: Specific query can cause a DoS against MongoDB Server

      Description:

      A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects: MongoDB Server version 4.4 prior to 4.4.1. Versions before 4.4 are not affected. 

      CVSS score: 6.5

      Using the following scoring metrics:
      AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

      CWE: 'CWE-755: Improper Handling of Exceptional Conditions'.

      Affected versions:

      This issue affects - MongoDB Inc. MongoDB Server:

      v4.4 versions prior to 4.4.1

      Due to a bug in the query planner, it's possible to trip this invariant for certain types of queries.

            People

              lamont.nelson@mongodb.com Lamont Nelson