[Bug 1933520] Re: message decompressor to incorrectly allocate memory
Marc Deslauriers
1933520 at bugs.launchpad.net
Mon Sep 27 16:58:58 UTC 2021
There's a whole slew of CVEs that are shown to be open in bionic and
focal:
https://ubuntu.com/security/cve?q=&package=mongodb&priority=&version=&status=
Is there a reason you only picked this one? If that's on purpose, I'll
sponsor the debdiffs this week.
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1933520
Title:
message decompressor to incorrectly allocate memory
Status in mongodb source package in Bionic:
Confirmed
Status in mongodb source package in Focal:
Confirmed
Bug description:
CVE 2019-20925: https://ubuntu.com/security/CVE-2019-20925
An unauthenticated client can trigger denial of service by issuing
specially crafted wire protocol messages, which cause the message
decompressor to incorrectly allocate memory. This issue affects:
MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0
versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions
prior to 3.4.24.
commit:
https://github.com/mongodb/mongo/commit/c1a956e084d39e6da75cd347e63d0064ed9151a8
Affected versions
Ubuntu 18.04 LTS (Bionic Beaver)
Ubuntu 20.04 LTS (Focal Fossa)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/bionic/+source/mongodb/+bug/1933520/+subscriptions
More information about the Ubuntu-sponsors
mailing list