[SERVER-44377] Invariant failure on indexed inequality to null

Created: 01/Nov/19  Updated: 29/Oct/23  Resolved: 11/Nov/19

Status: Closed
Project: Core Server
Component/s: Querying
Affects Version/s: 4.2.1, 4.3.1
Fix Version/s: 4.3.1, 4.2.2

Type: Bug
Priority: Critical - P2
Reporter: Ian Boros
Assignee: Ian Boros
Resolution: Fixed
Votes: 0
Labels: KP44
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Related
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested: v4.2
Sprint: Query 2019-11-18
Participants:
Linked BF Score: 0

 Description   
CVE-2019-20924

Title:  Invariant in IndexBoundsBuilder

Description:
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.2.

CVSS score:
This issue's CVSS:3.1 severity is scored at 6.5 using the following scoring metrics:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected versions:
MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.2.

CWE: CWE-394: Unexpected Status Code or Return Value


Due to a bug in the query planner it's possible to trip this invariant for certain types of queries.



 Comments   
Comment by Githook User [ 13/Nov/19 ]

Author: {'username': 'puppyofkosh', 'email': 'ian.boros@mongodb.com', 'name': 'Ian Boros'}

Message: SERVER-44377 generate correct plan for indexed inequalities to null
Branch: v4.2
https://github.com/mongodb/mongo/commit/e4338fa6e876e61e47f68e7f573ead7bcfbd06fc

Comment by Githook User [ 11/Nov/19 ]

Author: {'username': 'puppyofkosh', 'email': 'ian.boros@mongodb.com', 'name': 'Ian Boros'}

Message: SERVER-44377 generate correct plan for indexed inequalities to null
Branch: master
https://github.com/mongodb/mongo/commit/f8f55e1825ee5c7bdb3208fc7c5b54321d172732
