[SERVER-49404] Enforce additional checks in $arrayToObject Created: 09/Jul/20  Updated: 29/Oct/23  Resolved: 28/Jul/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.0.20, 4.2.9, 4.4.1, 3.6.20, 4.7.0

Type: Improvement Priority: Major - P3
Reporter: Bernard Gorman Assignee: Drew Paroski
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Backwards Compatibility: Fully Compatible
Backport Requested:
v4.4, v4.2, v4.0, v3.6
Sprint: Query 2020-07-27, Query 2020-08-10
Participants:

 Description   

CVE ID: CVE-2020-7928

Title: Improper neutralization of null byte leads to read overrun

Description:

A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.

CVSS score: 

This issue's CVSS:3.1 severity is scored at 6.5 using the following scoring metrics:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected versions:

This issue affects: MongoDB Inc. MongoDB Server:

v4.4 versions prior to 4.4.1;

v4.2 versions prior to 4.2.9;

v4.0 versions prior to 4.0.20;

v3.6 versions prior to 3.6.20.

 

CWE: ** CWE-158: Improper Neutralization of Null Byte or NUL Character

 

Underlying operating systems affected: ALL



 Comments   
Comment by Githook User [ 04/Aug/20 ]

Author:

{'name': 'Drew Paroski', 'email': 'drew.paroski@mongodb.com', 'username': 'paroski'}

Message: SERVER-49404 Enforce additional checks in $arrayToObject

(cherry picked from commit 1772b9a0393b55e6a280a35e8f0a1f75c014f301)
Branch: v4.4
https://github.com/mongodb/mongo/commit/287b872de62d23399af3b6a968337f21107b5119

Comment by Githook User [ 04/Aug/20 ]

Author:

{'name': 'Drew Paroski', 'email': 'drew.paroski@mongodb.com', 'username': 'paroski'}

Message: SERVER-49404 Enforce additional checks in $arrayToObject

(cherry picked from commit 1772b9a0393b55e6a280a35e8f0a1f75c014f301)
Branch: v3.6
https://github.com/mongodb/mongo/commit/e10ce2e779cd17c9ba217c49740cffd2bef72694

Comment by Githook User [ 04/Aug/20 ]

Author:

{'name': 'Drew Paroski', 'email': 'drew.paroski@mongodb.com', 'username': 'paroski'}

Message: SERVER-49404 Enforce additional checks in $arrayToObject

(cherry picked from commit 1772b9a0393b55e6a280a35e8f0a1f75c014f301)
Branch: v4.0
https://github.com/mongodb/mongo/commit/e27e80ead0788c75103c6e10b888fd201bedb89c

Comment by Githook User [ 03/Aug/20 ]

Author:

{'name': 'Drew Paroski', 'email': 'drew.paroski@mongodb.com', 'username': 'paroski'}

Message: SERVER-49404 Enforce additional checks in $arrayToObject

(cherry picked from commit 1772b9a0393b55e6a280a35e8f0a1f75c014f301)
Branch: v4.2
https://github.com/mongodb/mongo/commit/8c59fe07686d3d3f2fdeb2a7b5ab61eaac7e6231

Comment by Drew Paroski [ 28/Jul/20 ]

bernard.gorman: I've marked this ticket as closed, sorry for the delay.

Comment by Githook User [ 15/Jul/20 ]

Author:

{'name': 'Drew Paroski', 'email': 'drew.paroski@mongodb.com', 'username': 'paroski'}

Message: SERVER-49404 Enforce additional checks in $arrayToObject
Branch: master
https://github.com/mongodb/mongo/commit/1772b9a0393b55e6a280a35e8f0a1f75c014f301

Generated at Thu Feb 08 05:19:45 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.