[SERVER-51083] Problem with regex index bounds Created: 21/Sep/20  Updated: 29/Oct/23  Resolved: 15/Oct/20

Status: Closed
Project: Core Server
Component/s: Querying
Affects Version/s: 4.0.20
Fix Version/s: 4.0.21, 3.6.21

Type: Bug Priority: Critical - P2
Reporter: David Storch Assignee: Jacob Evans
Resolution: Fixed Votes: 0
Labels: qopt-team
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Problem/Incident
Related
is related to SERVER-12204 Buffer::readUTF8String in bson_valida... Closed
is related to SERVER-39697 Regex MatchExpression should error at... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Query 2020-10-19
Participants:
Linked BF Score: 50

 Description   

CVE ID: CVE-2020-7929

Title: Specially crafted regex query can cause DoS

Description:  A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects: MongoDB Inc. 

MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20;  

CVSS score: 6.5 (https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H&version=3.1)

Affected products and versions:

MongoDB Server v3.6 versions prior to 3.6.21

MongoDB Server v4.0 versions prior to 4.0.20

CWE ID: CWE-185: Incorrect Regular Expression



 Comments   
Comment by Githook User [ 15/Oct/20 ]

Author:

{'name': 'Jacob Evans', 'email': 'jacob.evans@10gen.com'}

Message: SERVER-51083 Fix cherry-pick for num arguments to RegexMatchExpression
Branch: v3.6
https://github.com/mongodb/mongo/commit/51caad0e005e1a6dc1bd529cb809ba0d7d5eef0d

Comment by Githook User [ 15/Oct/20 ]

Author:

{'name': 'Jacob Evans', 'email': 'jacob.evans@10gen.com'}

Message: SERVER-51083 Reject invalid UTF-8 from $regex match expressions
Branch: v3.6
https://github.com/mongodb/mongo/commit/b0ef26c639112b50648a02d969298650fbd402a4

Comment by Githook User [ 15/Oct/20 ]

Author:

{'name': 'Jacob Evans', 'email': 'jacob.evans@10gen.com'}

Message: SERVER-51083 Reject invalid UTF-8 from $regex match expressions
Branch: v4.0
https://github.com/mongodb/mongo/commit/64095239f41e9f3841d8be9088347db56d35c891

Generated at Thu Feb 08 05:24:27 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.