Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-71477

Check '_internalAllCollectionStatsSpec.getStats()' exists (boost::optional) before calling 'makeStatsForNs' in 'document_source_internal_all_collection_stats.cpp'

    • Fully Compatible
    • ALL
    • v6.2, v6.1, v6.0
    • Sharding EMEA 2022-11-28
    • 143

      CVE ID:
      CVE-2024-8654

      Title:
      MongoDB Server may access non-initialized region of memory leading to unexpected behaviour

      Description:
      MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3.

      CVSS Score:
      5.0 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 

      List all affected product versions:
      MongoDB Server v6.0 version 6.0.3

      CWE:
      CWE-908: Use of Uninitialized Resource

            Assignee:
            pol.pinol@mongodb.com Pol Pinol
            Reporter:
            pol.pinol@mongodb.com Pol Pinol
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: