Summary: | <dev-db/mongodb-{4.2.17,4.4.20,5.0.5}: stack overflow | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | hydrapolic, ultrabug |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2022-04-13 19:30:14 UTC
CVE-2022-24272 (https://jira.mongodb.org/browse/SERVER-63968): An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6. no vulnerable version in tree anymore AFAIK (In reply to Ultrabug from comment #2) > no vulnerable version in tree anymore AFAIK The security team is supposed to take care of closing security bugs. I apologize, you're right |