Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Critical - P2
Fix Version/s: 4.0.21, 3.6.21
Affects Version/s: 4.0.20
Component/s: Querying
Labels:
- qopt-team

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Sprint:
Query 2020-10-19
Linked BF Score:
50

CVE ID: CVE-2020-7929

Title: Specially crafted regex query can cause DoS

Description: A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects: MongoDB Inc.

MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20;

CVSS score: 6.5 (https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H&version=3.1)

Affected products and versions:

MongoDB Server v3.6 versions prior to 3.6.21

MongoDB Server v4.0 versions prior to 4.0.20

CWE ID: CWE-185: Incorrect Regular Expression

is related to

SERVER-12204 Buffer::readUTF8String in bson_validate.cpp should validate utf8

Closed

SERVER-39697 Regex MatchExpression should error at parse time if the regex is not valid

Closed

Assignee:: Jacob Evans

Reporter:: David Storch

Participants:: David Storch, Githook User, Jacob Evans

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: Sep 21 2020 11:44:20 PM UTC

Updated:: Oct 29 2023 10:02:53 PM UTC

Resolved:: Oct 15 2020 12:40:42 AM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates