Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 5.1.0-rc0
Affects Version/s: None
Component/s: None
Labels:
- coverity

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Sprint:
Security 2021-05-17, Security 2021-05-31

Untrusted loop bound

An attacker could control the number of times the loop iterates. An unscrutinized value from an untrusted source used as a loop bound
/src/mongo/db/mongod_main.cpp:892: TAINTED_SCALAR 119556 Calling function "operator >>" taints argument "pid".
/src/mongo/db/mongod_main.cpp:893: TAINTED_SCALAR 119556 Checking lower bounds of signed scalar "pid" by taking the true branch of "pid > 9999".

related to

SERVER-61494 Fix "mongod --shutdown" to check size of "mongod.lock" instead of existence

Closed

Assignee:: Sara Golemon

Reporter:: Coverity Collector User

Participants:: Coverity Collector User, Githook User, Sara Golemon, Vivian Ge

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: May 05 2021 06:49:04 PM UTC

Updated:: Oct 29 2023 09:54:00 PM UTC

Resolved:: May 26 2021 01:15:45 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates