[SERVER-36993] mongod crash: Invariant failure indexedOr src/mongo/db/query/index_tag.cpp 237 Created: 05/Sep/18 Updated: 29/Oct/23 Resolved: 14/Sep/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Aggregation Framework |
| Affects Version/s: | 3.6.7 |
| Fix Version/s: | 3.6.9, 4.0.3, 4.1.4 |
| Type: | Bug | Priority: | Critical - P2 |
| Reporter: | Travis Brown | Assignee: | David Storch |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Operating System: | ALL | ||||||||
| Backport Requested: |
v4.0, v3.6
|
||||||||
| Sprint: | Query 2018-09-24 | ||||||||
| Participants: | |||||||||
| Description |
|
CVE-2018-20802 Title: Post-auth queries on compound index may crash mongod Description: CVSS score: Affected versions: CWE: CWE-394: Unexpected Status Code or Return Value — I believe this exploit can used in a denial of service attack against atlas free tier. |
| Comments |
| Comment by Githook User [ 18/Sep/18 ] |
|
Author: {'name': 'David Storch', 'email': 'david.storch@10gen.com', 'username': 'dstorch'}Message: (cherry picked from commit 0aebf209b1467df188b8915d507fc6a2dcf80ef8) |
| Comment by Githook User [ 14/Sep/18 ] |
|
Author: {'name': 'David Storch', 'email': 'david.storch@10gen.com', 'username': 'dstorch'}Message: (cherry picked from commit ee97c0699fd55b498310996ee002328e533681a3) |
| Comment by Githook User [ 14/Sep/18 ] |
|
Author: {'name': 'David Storch', 'email': 'david.storch@10gen.com', 'username': 'dstorch'}Message: |
| Comment by David Storch [ 05/Sep/18 ] |
|
This appears to be a bad interaction between $or pushdown from |
| Comment by Travis Brown [ 05/Sep/18 ] |
|
Thanks! It also looks like you fixed my formatting, which I appreciate |
| Comment by Kelsey Schubert [ 05/Sep/18 ] |
|
Thanks for report travis@bryx.com, I've reproed following your example and we're investigating. |