Bug 2051953 (CVE-2021-32036) - CVE-2021-32036 mongodb: Repeatedly invoking the features command at a high volume may lead to resource depletion
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2021-32036
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2051946
Reported: 2022-02-08 11:49 UTC by Vipul Nair
Modified: 2022-09-26 18:54 UTC

Fixed In Version: mongodb-4.2.18 mongodb-4.4.10 mongodb-5.0.4 mongodb-5.1.0-rc0
Doc Text:
A flaw was found in the MongoDB database when repeatedly invoking the features command. This flaw allows an authenticated attacker without any specific authorizations to repeatedly invoke commands, leading to resource depletion or the generation of high lock contention.
Clone Of:
Environment:
Last Closed: 2022-05-31 21:43:39 UTC
Embargoed:



Description Vipul Nair 2022-02-08 11:49:22 UTC
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command, which at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions.

https://jira.mongodb.org/browse/SERVER-59294

Comment 1 Product Security DevOps Team 2022-05-31 21:43:36 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-32036

