Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-53929

Server crash after invariant failure

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Critical - P2
    • Resolution: Fixed
    • 4.4.2
    • 4.9.0, 4.4.4
    • Querying
    • None
    • ubuntu 16.04
      mongodb version 4.4.2
      mongo-go-driver version 1.4.4
    • Fully Compatible
    • ALL
    • v4.4
    • Hide

      Sadly I don't have the exact query that triggered the crash, as it was a query run by someone on https://mongoplayground.net/

      I'll update the ticket if I manage to find the faulty query

      Show
      Sadly I don't have the exact query that triggered the crash, as it was a query run by someone on https://mongoplayground.net/ I'll update the ticket if I manage to find the faulty query
    • Query 2021-02-08

    Description

      CVE-2021-20326

      Title
      Specially crafted query may result in a denial of service of mongod

      CVE ID
      CVE-2021-20326

      Description
      A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.4.

      CVSS score
      This issue's CVSS:3.1 severity is scored at 6.5 using the following scoring metrics:
      CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

      Affected versions
      MongoDB Inc. MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.4.

      CWE
      CWE-20: Improper Input Validation

      Underlying operating systems affected
      ALL

      How the issue was reported:
      Externally

      External Reference link (server ticket)
      SERVER-53929

      Attachments

        Activity

          People

            ian.boros@mongodb.com Ian Boros
            felix2626 adrien petel
            Votes:
            0 Vote for this issue
            Watchers:
            15 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: