[SERVER-43751] Recompute compressor manager message parameters
Created: 01/Oct/19  Updated: 29/Oct/23  Resolved: 07/Oct/19

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 3.6.15, 4.0.13, 4.2.1, 4.3.1, 3.4.24

Type: Task
Priority: Major - P3
Reporter: Spencer Jackson
Assignee: Adam Cooper (Inactive)
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Backwards Compatibility: Fully Compatible
Backport Requested: v4.2, v4.0, v3.6, v3.4
Sprint: Security 2019-10-07
Participants:
Linked BF Score: 95

 Description   
CVE-2019-20925

Title: Denial of service via malformed network packet
CVE ID:
Description
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24.
CVSS score:
This issue's CVSS:3.1 severity is scored at 7.5 using the following scoring metrics:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected versions
MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24.

Underlying operating systems affected: ALL

How the issue was reported: Internal

External Reference link (server ticket):
SERVER-43751

CWE: CWE-839: Numeric Range Comparison Without Minimum Check
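
The check that CWE-839 calls for, applied to the length fields of a compressed wire protocol message, is sketched below. This is an added illustration, not MongoDB's code and not the committed fix; the field offsets follow the public OP_COMPRESSED layout, while `MAX_MESSAGE_BYTES`, `check_compressed_header` and `make_sample` are names and values assumed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MSG_HEADER_LEN 16         /* messageLength, requestID, responseTo, opCode */
#define COMPRESSION_HEADER_LEN 9  /* originalOpcode, uncompressedSize, compressorId */
#define SAMPLE_LEN (MSG_HEADER_LEN + COMPRESSION_HEADER_LEN)
#define MAX_MESSAGE_BYTES (48 * 1000 * 1000) /* assumed limit, not from the ticket */

enum check_result { CHECK_OK, CHECK_TRUNCATED, CHECK_BAD_LENGTH, CHECK_BAD_UNCOMPRESSED_SIZE };

static int32_t read_le32(const uint8_t *p) {
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}
static void write_le32(uint8_t *p, int32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)((uint32_t)v >> (8 * i));
}

/* Validate every length field before a buffer is sized from it.
 * On CHECK_OK, *alloc_len is the size of the decompressed message. */
enum check_result check_compressed_header(const uint8_t *buf, size_t len, size_t *alloc_len) {
    if (len < SAMPLE_LEN) return CHECK_TRUNCATED;
    int32_t message_length = read_le32(buf);
    int32_t uncompressed_size = read_le32(buf + MSG_HEADER_LEN + 4);
    /* messageLength must match the bytes actually received. */
    if (message_length < SAMPLE_LEN || message_length > MAX_MESSAGE_BYTES || (size_t)message_length != len)
        return CHECK_BAD_LENGTH;
    /* Signed field: an upper bound alone lets negative values through (CWE-839). */
    if (uncompressed_size < 0 || uncompressed_size > MAX_MESSAGE_BYTES - MSG_HEADER_LEN)
        return CHECK_BAD_UNCOMPRESSED_SIZE;
    *alloc_len = (size_t)uncompressed_size + MSG_HEADER_LEN;
    return CHECK_OK;
}

/* Constructed sample: a header-only compressed message with the given size field. */
void make_sample(uint8_t out[SAMPLE_LEN], int32_t uncompressed_size) {
    memset(out, 0, SAMPLE_LEN);
    write_le32(out, SAMPLE_LEN);              /* messageLength */
    write_le32(out + 12, 2012);               /* opCode: OP_COMPRESSED */
    write_le32(out + 16, 2013);               /* originalOpcode: OP_MSG */
    write_le32(out + 20, uncompressed_size);  /* uncompressedSize */
}

int main(void) {
    uint8_t msg[SAMPLE_LEN]; size_t n = 0;
    make_sample(msg, -1);  /* a negative size must be rejected */
    return check_compressed_header(msg, sizeof msg, &n) == CHECK_BAD_UNCOMPRESSED_SIZE ? 0 : 1;
}
```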



 Comments   
Comment by Githook User [ 08/Oct/19 ]

Author:

{'username': 'super-cooper', 'email': 'adam.cooper@mongodb.com', 'name': 'Adam Cooper'}

Message: SERVER-43751 Recompute compressor manager message parameters

(cherry picked from commit 1411cf602a21e45a5ef42b6869c480eb420976ee)
Branch: v3.4
https://github.com/mongodb/mongo/commit/c1a956e084d39e6da75cd347e63d0064ed9151a8

Comment by Githook User [ 07/Oct/19 ]

Author:

{'name': 'Adam Cooper', 'username': 'super-cooper', 'email': 'adam.cooper@mongodb.com'}

Message: SERVER-43751 Recompute compressor manager message parameters

(cherry picked from commit 1411cf602a21e45a5ef42b6869c480eb420976ee)
Branch: v4.0
https://github.com/mongodb/mongo/commit/5381b1655a7d5a5967a5cdad5481ed43714b5638

Comment by Githook User [ 07/Oct/19 ]

Author:

{'username': 'super-cooper', 'email': 'adam.cooper@mongodb.com', 'name': 'Adam Cooper'}

Message: SERVER-43751 Recompute compressor manager message parameters

(cherry picked from commit 1411cf602a21e45a5ef42b6869c480eb420976ee)
Branch: v4.2
https://github.com/mongodb/mongo/commit/be871247f92e6761f462300db061a48ccb9f3543

Comment by Githook User [ 07/Oct/19 ]

Author:

{'username': 'super-cooper', 'email': 'adam.cooper@mongodb.com', 'name': 'Adam Cooper'}

Message: SERVER-43751 Recompute compressor manager message parameters

(cherry picked from commit 1411cf602a21e45a5ef42b6869c480eb420976ee)
Branch: v3.6
https://github.com/mongodb/mongo/commit/bcec27cddbc82def0eb09e7abe047b14f6ccb995

Comment by Githook User [ 07/Oct/19 ]

Author:

{'name': 'Adam Cooper', 'username': 'super-cooper', 'email': 'adam.cooper@mongodb.com'}

Message: SERVER-43751 Recompute compressor manager message parameters
Branch: master
https://github.com/mongodb/mongo/commit/1411cf602a21e45a5ef42b6869c480eb420976ee

Generated at Thu Feb 08 05:04:00 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.