2051953 – (CVE-2021-32036) CVE-2021-32036 mongodb: Repeatedly invoking the features command at a high volume may lead to resource depletion

Bug 2051953 (CVE-2021-32036) - CVE-2021-32036 mongodb: Repeatedly invoking the features command at a high volume may lead to resource depletion

Summary: CVE-2021-32036 mongodb: Repeatedly invoking the features command at a high vo...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2021-32036
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2051946
TreeView+	depends on / blocked

Reported:	2022-02-08 11:49 UTC by Vipul Nair
Modified:	2022-09-26 18:54 UTC (History)
CC List:	24 users (show)
Fixed In Version:	mongodb-4.2.18 mongodb-4.4.10 mongodb-5.0.4 mongodb-5.1.0-rc0
Clone Of:
Environment:
Last Closed:	2022-05-31 21:43:39 UTC
Embargoed:

Attachments	(Terms of Use)

Description Vipul Nair 2022-02-08 11:49:22 UTC

An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions.

https://jira.mongodb.org/browse/SERVER-59294

Comment 1 Product Security DevOps Team 2022-05-31 21:43:36 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-32036

Note You need to log in before you can comment on or make changes to this bug.

amctagga
athomas
bbuckingham
bcourt
bkearney
btotty
dbecker
ehelms
jjoyce
jschluet
jsherril
lhh
lpeer
lzap
mburns
mhulan
mmccune
myarboro
nmoumoul
orabin
pcreech
rchan
sclewis
slinaber