SERVER-50170 (Core Server): Fix server selection failure on mongos

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.4.1
    • Component/s: None
    • Labels:
    • Backwards Compatibility: Fully Compatible
    • Backport Requested: v4.4

      Description

      CVE-2020-7926

      Title: Specific query can cause a DoS against MongoDB Server

      Description:

      A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects: MongoDB Server version 4.4 prior to 4.4.1. Versions before 4.4 are not affected. 

      CVSS score: 6.5

      Using the following scoring metrics:
      AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

      CWE: 'CWE-755: Improper Handling of Exceptional Conditions'.

      Affected versions:

      This issue affects - MongoDB Inc. MongoDB Server:

      v4.4 versions prior to 4.4.1

      Due to a bug in the query planner it's possible to trip this invariant for certain types of queries.

      People

      Assignee: Lamont Nelson (lamont.nelson)
      Reporter: Lamont Nelson (lamont.nelson)