Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-50170

Fix server selection failure on mongos

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.4.1
    • Affects Version/s: None
    • Component/s: None
    • Fully Compatible
    • v4.4

      CVE-2020-7926

      Title: Specific query can cause a DoS against MongoDB Server

      Description:

      A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects: MongoDB Server version 4.4 prior to 4.4.1. Versions before 4.4 are not affected. 

      CVSS score: 6.5

      Using the following scoring metrics:
      AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

      CWE: 'CWE-755: Improper Handling of Exceptional Conditions'.

      Affected versions:

      This issue affects - MongoDB Inc. MongoDB Server:

      v4.4 versions prior to 4.4.1

      Due to a bug in the query planner it's possible to trip this invariant for certain types of queries.

            Assignee:
            lamont.nelson@mongodb.com Lamont Nelson
            Reporter:
            lamont.nelson@mongodb.com Lamont Nelson
            Votes:
            0 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated:
              Resolved: