[Bug 1933520] [NEW] message decompressor to incorrectly allocate memory
Launchpad Bug Tracker
1933520 at bugs.launchpad.net
Fri Jul 2 16:27:22 UTC 2021
You have been subscribed to a public bug by Ubuntu Foundations Team Bug Bot (crichton):
CVE 2019-20925: https://ubuntu.com/security/CVE-2019-20925
An unauthenticated client can trigger denial of service by issuing
specially crafted wire protocol messages, which cause the message
decompressor to incorrectly allocate memory. This issue affects: MongoDB
Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to
4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24.
commit:
https://github.com/mongodb/mongo/commit/c1a956e084d39e6da75cd347e63d0064ed9151a8
Affected versions
Ubuntu 18.04 LTS (Bionic Beaver)
Ubuntu 20.04 LTS (Focal Fossa)
** Affects: mongodb (Ubuntu)
Importance: Undecided
Status: New
** Affects: mongodb (Ubuntu Bionic)
Importance: Undecided
Status: New
** Affects: mongodb (Ubuntu Focal)
Importance: Undecided
Status: New
** Tags: patch ubuntu-security
--
message decompressor to incorrectly allocate memory
https://bugs.launchpad.net/bugs/1933520
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
More information about the Ubuntu-sponsors
mailing list