[SERVER-51083] Problem with regex index bounds Created: 21/Sep/20 Updated: 29/Oct/23 Resolved: 15/Oct/20 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Querying |
| Affects Version/s: | 4.0.20 |
| Fix Version/s: | 4.0.21, 3.6.21 |
| Type: | Bug | Priority: | Critical - P2 |
| Reporter: | David Storch | Assignee: | Jacob Evans |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | qopt-team |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Sprint: | Query 2020-10-19 |
| Participants: | |
| Linked BF Score: | 50 |
| Description |
|
CVE ID: CVE-2020-7929

Title: Specially crafted regex query can cause DoS

Description: A user authorized to perform database queries may trigger denial of service by issuing a specially crafted query that contains a type of regex. This issue affects MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20.

CVSS score: 6.5 (https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H&version=3.1)

Affected products and versions:
MongoDB Server v3.6 versions prior to 3.6.21
MongoDB Server v4.0 versions prior to 4.0.20

CWE ID: CWE-185: Incorrect Regular Expression |
| Comments |
| Comment by Githook User [ 15/Oct/20 ] |
|
Author: {'name': 'Jacob Evans', 'email': 'jacob.evans@10gen.com'} Message: |
| Comment by Githook User [ 15/Oct/20 ] |
|
Author: {'name': 'Jacob Evans', 'email': 'jacob.evans@10gen.com'} Message: |
| Comment by Githook User [ 15/Oct/20 ] |
|
Author: {'name': 'Jacob Evans', 'email': 'jacob.evans@10gen.com'} Message: |