-
Type: Bug
-
Resolution: Done
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: Security
Issue Status as of Aug 08, 2014
ISSUE SUMMARY
Using a specially crafted message, a remote user could obtain a limited amount of information from the server heap memory.
USER IMPACT
Potentially sensitive information could be disclosed from the server.
WORKAROUNDS
Implement MongoDB Security Best Practices and ensure access to the database server is restricted.
AFFECTED VERSIONS
MongoDB production releases up to 2.6.3 are affected by this issue.
FIX VERSION
The fix is included in the 2.6.4 production release.
RESOLUTION DETAILS
The response sent by the server returns only validated data.