Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-58474

SplitVector command does not handle values that are out of bounds

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 5.1.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • Labels:
      None
    • Fully Compatible
    • ALL
    • Execution Team 2021-07-26
    • 40

      These calls (https://github.com/mongodb/mongo/blob/7ffbb65c777ea73a911b86e8b0eddb3658e65d47/src/mongo/db/s/split_vector_command.cpp#L116-L134) to numberLong() are unsafe as demonstrated by the fuzzer.

      This is an internal-only command, so backporting this isn't necessary.

            Assignee:
            gregory.wlodarek@mongodb.com Gregory Wlodarek
            Reporter:
            gregory.wlodarek@mongodb.com Gregory Wlodarek
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: