[Bug 1933520] Re: message decompressor to incorrectly allocate memory
Heather Lemon
1933520 at bugs.launchpad.net
Tue Aug 3 20:54:59 UTC 2021
** Patch removed: "CVE-2019-20925-bionic-20210706.debdiff"
https://bugs.launchpad.net/ubuntu/bionic/+source/mongodb/+bug/1933520/+attachment/5509447/+files/CVE-2019-20925-bionic-20210706.debdiff
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1933520
Title:
message decompressor to incorrectly allocate memory
Status in mongodb source package in Bionic:
Confirmed
Status in mongodb source package in Focal:
Confirmed
Bug description:
CVE 2019-20925: https://ubuntu.com/security/CVE-2019-20925
An unauthenticated client can trigger denial of service by issuing
specially crafted wire protocol messages, which cause the message
decompressor to incorrectly allocate memory. This issue affects:
MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0
versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions
prior to 3.4.24.
commit:
https://github.com/mongodb/mongo/commit/c1a956e084d39e6da75cd347e63d0064ed9151a8
Affected versions
Ubuntu 18.04 LTS (Bionic Beaver)
Ubuntu 20.04 LTS (Focal Fossa)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/bionic/+source/mongodb/+bug/1933520/+subscriptions
More information about the Ubuntu-sponsors
mailing list