Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 5.1.0-rc0
Affects Version/s: None
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Sprint:
Security 2021-10-04
Linked BF Score:
167
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

When the parseAuditHeaderFromJSON() function performs a AuditHeaderOptionsDocument::parse() of the input audit header BSON object fileHeaderBSON, it stores an un-owned BSONObj for the _keyStoreIdentifier member variable. This causes a use-after-free when the owning BSON object goes out of scope at function return, and the resulting AuditHeaderOptionsDocument object's _keyStoreIdentifier is used later in createKeyManagerFromHeader().

is depended on by

SERVER-59917 Create setParameter for splitting Audit Header to separate file

Closed

Assignee:: Erwin Pe
Reporter:: Erwin Pe
Participants:: Erwin Pe, Githook User, Vivian Ge
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Sep 24 2021 02:31:39 PM UTC
Updated:: Oct 29 2023 09:48:13 PM UTC
Resolved:: Sep 28 2021 04:56:44 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates