message decompressor to incorrectly allocate memory
Bug #1933520 reported by
Heather Lemon
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
mongodb (Ubuntu) | ||||||
Bionic |
Fix Released
|
Medium
|
Heather Lemon | |||
Focal |
Fix Released
|
Medium
|
Heather Lemon |
Bug Description
CVE 2019-20925: https:/
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24.
commit: https:/
Affected versions
Ubuntu 18.04 LTS (Bionic Beaver)
Ubuntu 20.04 LTS (Focal Fossa)
CVE References
tags: | added: security |
tags: |
added: ubuntu-security removed: security |
tags: | added: bug security |
Changed in mongodb (Ubuntu): | |
importance: | Undecided → Medium |
Changed in mongodb (Ubuntu Bionic): | |
importance: | Undecided → Medium |
Changed in mongodb (Ubuntu Focal): | |
importance: | Undecided → Medium |
information type: | Public → Public Security |
no longer affects: | mongodb (Ubuntu) |
Changed in mongodb (Ubuntu Focal): | |
assignee: | nobody → Heather Lemon (hypothetical-lemon) |
Changed in mongodb (Ubuntu Bionic): | |
assignee: | nobody → Heather Lemon (hypothetical-lemon) |
To post a comment you must log in.
bionic - cve-2019-20925 message decompressor to incorrectly allocate memory.