Bug 2026509 (CVE-2021-32037) - CVE-2021-32037 mongodb: Using $sample can trigger invariant when connecting directly to shards
Summary: CVE-2021-32037 mongodb: Using $sample can trigger invariant when connecting d...
Keywords:
Status: NEW
Alias: CVE-2021-32037
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2028482
Blocks: 2026510
TreeView+ depends on / blocked
 
Reported: 2021-11-24 22:03 UTC by Pedro Sampaio
Modified: 2023-07-07 08:31 UTC (History)
10 users (show)

Fixed In Version: mongodb 5.0.3
Doc Type: If docs needed, set a value
Doc Text:
An assertion flaw was found in the mongodb server where an aggregation request could trigger an invariant. An authorized user could exploit this flaw by sending a relevant aggregation request to a shard, which could result in a denial of service or server exit. Requests are usually sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth-enabled environment.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Pedro Sampaio 2021-11-24 22:03:33 UTC 
An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment.

References:

https://jira.mongodb.org/browse/SERVER-59071
Comment 1 Summer Long 2021-12-02 00:24:12 UTC 
Upstream commits:
5.1.0-rc0: https://github.com/mongodb/mongo/commit/f3604b901d688c194de5e430c7fbab060c9dc8e0
5.0.3: https://github.com/mongodb/mongo/commit/a5e2f9b0a236462a6d1ca129583c617f111367b4
Note You need to log in before you can comment on or make changes to this bug.