[SERVER-49404] Enforce additional checks in $arrayToObject
Created: 09/Jul/20 | Updated: 29/Oct/23 | Resolved: 28/Jul/20 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 4.0.20, 4.2.9, 4.4.1, 3.6.20, 4.7.0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Bernard Gorman | Assignee: | Drew Paroski |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Backport Requested: | v4.4, v4.2, v4.0, v3.6 | ||||
| Sprint: | Query 2020-07-27, Query 2020-08-10 | ||||
| Participants: | |||||
| Description |
|
CVE ID: CVE-2020-7928
Title: Improper neutralization of null byte leads to read overrun
Description: A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.
CVSS score: This issue's CVSS:3.1 severity is scored at 6.5 using the following scoring metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected versions: This issue affects: MongoDB Inc. MongoDB Server: v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.
CWE: CWE-158: Improper Neutralization of Null Byte or NUL Character
Underlying operating systems affected: ALL |
| Comments |
| Comment by Githook User [ 04/Aug/20 ] |
|
Author: {'name': 'Drew Paroski', 'email': 'drew.paroski@mongodb.com', 'username': 'paroski'} Message: (cherry picked from commit 1772b9a0393b55e6a280a35e8f0a1f75c014f301) |
| Comment by Githook User [ 04/Aug/20 ] |
|
Author: {'name': 'Drew Paroski', 'email': 'drew.paroski@mongodb.com', 'username': 'paroski'} Message: (cherry picked from commit 1772b9a0393b55e6a280a35e8f0a1f75c014f301) |
| Comment by Githook User [ 04/Aug/20 ] |
|
Author: {'name': 'Drew Paroski', 'email': 'drew.paroski@mongodb.com', 'username': 'paroski'} Message: (cherry picked from commit 1772b9a0393b55e6a280a35e8f0a1f75c014f301) |
| Comment by Githook User [ 03/Aug/20 ] |
|
Author: {'name': 'Drew Paroski', 'email': 'drew.paroski@mongodb.com', 'username': 'paroski'} Message: (cherry picked from commit 1772b9a0393b55e6a280a35e8f0a1f75c014f301) |
| Comment by Drew Paroski [ 28/Jul/20 ] |
|
bernard.gorman: I've marked this ticket as closed, sorry for the delay. |
| Comment by Githook User [ 15/Jul/20 ] |
|
Author: {'name': 'Drew Paroski', 'email': 'drew.paroski@mongodb.com', 'username': 'paroski'} Message: |