Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Large aggregation pipelines with a specific stage can crash mongod under default configuration
Vulnerability Description
It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB Server v4.4 versions prior to and including 4.4.28, MongoDB Server v5.0 versions prior to 5.0.4 and MongoDB Server v4.2 versions prior to 4.2.16. Workaround: >= v4.2.16 users and all v4.4 users can add the --setParameter internalPipelineLengthLimit=50 instead of the default 1000 to mongod at startup to prevent a crash.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
栈缓冲区溢出
Vulnerability Title
MongoDB 缓冲区错误漏洞
Vulnerability Description
MongoDB是美国MongoDB公司的一种面向文档的数据库管理系统。 MongoDB存在安全漏洞,该漏洞源于stage使用的堆栈帧的大小导致堆栈溢出。以下产品及版本受到影响:MongoDB 5.0.4之前版本、4.4.11之前版本、4.2.16之前版本。
CVSS Information
N/A
Vulnerability Type
N/A