CVE-2018-20803

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-20803

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-20803.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-20803

Related

UBUNTU-CVE-2018-20803

Published

2020-11-23T18:15:10Z

Modified

2025-02-14T10:35:11.247582Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects MongoDB Server v4.0 versions prior to 4.0.5; MongoDB Server v3.6 versions prior to 3.6.10 and MongoDB Server v3.4 versions prior to 3.4.19.

References

https://jira.mongodb.org/browse/SERVER-38070

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type: GIT
Repo: https://github.com/mongodb/mongo
Events: Introduced

f4240c60f005be757399042dc12f6addbc3170c1

Fixed

a2d97db8fe449d15eb8e275bbf318491781472bf

Affected versions

r3.*

r3.4.0

r3.4.1

r3.4.1-rc0

r3.4.10

r3.4.10-rc0

r3.4.11

r3.4.11-rc0

r3.4.12

r3.4.12-rc0

r3.4.13

r3.4.14

r3.4.14-rc0

r3.4.15

r3.4.15-rc0

r3.4.16

r3.4.16-rc0

r3.4.17

r3.4.17-rc0

r3.4.18

r3.4.18-rc0

r3.4.2

r3.4.2-rc0

r3.4.3

r3.4.3-rc0

r3.4.3-rc1

r3.4.3-rc2

r3.4.4

r3.4.4-rc0

r3.4.5

r3.4.5-rc0

r3.4.5-rc1

r3.4.5-rc2

r3.4.5-rc3

r3.4.5-rc4

r3.4.6

r3.4.6-rc0

r3.4.7

r3.4.7-rc0

r3.4.8

r3.4.8-rc0

r3.4.8-rc1

r3.4.9

r3.4.9-rc0