-
Type: Bug
-
Resolution: Won't Fix
-
Priority: Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
Labels:
-
Service Arch
-
ALL
Untrusted loop bound
An attacker could control the number of times the loop iterates. An unscrutinized value from an untrusted source used as a loop bound
/src/mongo/transport/transport_layer_asio.cpp:990: TAINTED_SCALAR 123308 Calling function "operator >>" taints argument "val". [Note: The source code implementation of the function has been overridden by a builtin model.]
/src/mongo/transport/transport_layer_asio.cpp:997: TAINTED_SCALAR 123308 Assigning: "wantval" = "val". Both are now tainted.
/src/mongo/transport/transport_layer_asio.cpp:1006: TAINTED_SCALAR 123308 Checking lower bounds of signed scalar "wantval" by taking the true branch of "wantval > 9L".