[SERVER-53929] Server crash after invariant failure
Created: 20/Jan/21  Updated: 29/Oct/23  Resolved: 04/Feb/21

Status: Closed
Project: Core Server
Component/s: Querying
Affects Version/s: 4.4.2
Fix Version/s: 4.9.0, 4.4.4

Type: Bug
Priority: Critical - P2
Reporter: adrien petel
Assignee: Ian Boros
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

ubuntu 16.04
mongodb version 4.4.2
mongo-go-driver version 1.4.4


Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v4.4
Steps To Reproduce:

Sadly I don't have the exact query that triggered the crash, as it was a query run by someone on https://mongoplayground.net/

I'll update the ticket if I manage to find the faulty query

Sprint: Query 2021-02-08

 Description   
CVE-2021-20326

Title
Specially crafted query may result in a denial of service of mongod

CVE ID
CVE-2021-20326

Description
A user authorized to perform a specific type of find query may trigger a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.4.

CVSS score
This issue's CVSS:3.1 severity is scored at 6.5 using the following scoring metrics:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected versions
MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.4.

CWE
CWE-20: Improper Input Validation

Underlying operating systems affected
ALL

How the issue was reported:
Externally

External Reference link (server ticket)
SERVER-53929



 Comments   
Comment by Old Old [ 28/Apr/21 ]

Hi @Christopher Buckingham

I'd like to be credited for this with this name: Adrien Petel
Thank you!

Comment by Lucy Buckingham [ 27/Apr/21 ]

Hi felix2626, thank you for reporting this issue. 

We have performed some internal testing and can confirm that this is indeed a vulnerability and we have already produced a fix. We will also issue a CVE concerning this vulnerability. Please let us know if you would like to be credited for this discovery inside a CVE and what name you would like to be credited with?

Thanks.

Comment by Githook User [ 04/Feb/21 ]

Author: Ian Boros (ian.boros@mongodb.com, username: puppyofkosh)

Message: SERVER-53929 Add stricter parser checks around positional projection
Branch: v4.4
https://github.com/mongodb/mongo/commit/0c7f643a2dfe4000ac9630ed5dace0cb40ec9740

Comment by Githook User [ 04/Feb/21 ]

Author: Ian Boros (ian.boros@mongodb.com, username: puppyofkosh)

Message: SERVER-53929 Add stricter parser checks around positional projection
Branch: master
https://github.com/mongodb/mongo/commit/cd583b6c4d8aa2364f255992708b9bb54e110cf4

Comment by adrien petel [ 21/Jan/21 ]

Hi @Eric Sedor,

Thanks for the quick answer, I have uploaded the files (logs and metrics), hope it helps

Comment by Eric Sedor [ 20/Jan/21 ]

Hi felix2626,

Knowing the exact query will definitely help, especially if running the query again reproduces the invariant failure. But we can collect additional information.

Would you please archive (tar or zip) the mongod.log files covering the incident and the $dbpath/diagnostic.data directory (the contents are described here) and upload them to this support uploader location?

Files uploaded to this portal are visible only to MongoDB employees and are routinely deleted after some time.

Thank you!
