Bug 944308 (CVE-2024-10921) - <dev-db/mongodb-5.0.30: Improper neutralization of null bytes may lead to buffer over-reads
Summary: <dev-db/mongodb-5.0.30: Improper neutralization of null bytes may lead to buf...
Status: UNCONFIRMED
Alias: CVE-2024-10921
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://jira.mongodb.org/browse/SERVE...
Whiteboard: B3 [glsa?]
Keywords: PullRequest
Depends on: 951686
Blocks:
Reported: 2024-11-21 13:20 UTC by Robert Förster
Modified: 2025-04-07 07:03 UTC

See Also:
Package list:
Runtime testing required: ---


Description Robert Förster 2024-11-21 13:20:56 UTC
CVE-2024-10921:

An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30, MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2.
Comment 1 Larry the Git Cow gentoo-dev 2024-12-11 05:48:40 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1ade7128433fd35f41e4f4b83de9f387b1d19f7

commit a1ade7128433fd35f41e4f4b83de9f387b1d19f7
Author:     Robert Förster <Dessa@gmake.de>
AuthorDate: 2024-09-10 14:13:00 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-12-11 05:45:55 +0000

    dev-db/mongodb: add 5.0.30
    
    Closes: https://bugs.gentoo.org/843329
    Closes: https://bugs.gentoo.org/908987
    Closes: https://bugs.gentoo.org/932278
    Closes: https://bugs.gentoo.org/938962
    Bug: https://bugs.gentoo.org/944308
    Signed-off-by: Robert Förster <Dessa@gmake.de>
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/mongodb/Manifest                          |   1 +
 dev-db/mongodb/files/mongodb-5.0.30-gcc-11.patch |  12 ++
 dev-db/mongodb/files/mongodb-5.0.30-gcc-15.patch |  13 ++
 dev-db/mongodb/metadata.xml                      |   1 +
 dev-db/mongodb/mongodb-5.0.30.ebuild             | 211 +++++++++++++++++++++++
 5 files changed, 238 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2025-04-06 16:31:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=67c9df527f29fb5bb2cc7b7918d237ba79b0152f

commit 67c9df527f29fb5bb2cc7b7918d237ba79b0152f
Author:     Robert Förster <Dessa@gmake.de>
AuthorDate: 2025-03-24 20:55:21 +0000
Commit:     Jay Faulkner <jayf@gentoo.org>
CommitDate: 2025-04-06 16:29:34 +0000

    dev-db/mongodb: drop 5.0.26
    
    Bug: https://bugs.gentoo.org/944308
    Closes: https://bugs.gentoo.org/942112
    Signed-off-by: Robert Förster <Dessa@gmake.de>
    Closes: https://github.com/gentoo/gentoo/pull/41271
    Signed-off-by: Jay Faulkner <jayf@gentoo.org>

 dev-db/mongodb/Manifest                        |   1 -
 dev-db/mongodb/files/mongodb-4.4.1-gcc11.patch |  12 --
 dev-db/mongodb/mongodb-5.0.26.ebuild           | 211 -------------------------
 3 files changed, 224 deletions(-)