Published: 12/04/2022 Updated: 23/02/2024

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB Server v4.4 versions prior to and including 4.4.28, MongoDB Server v5.0 versions before 5.0.4 and MongoDB Server v4.2 versions before 4.2.16. Workaround: >= v4.2.16 users and all v4.4 users can add the --setParameter internalPipelineLengthLimit=50 instead of the default 1000 to mongod at startup to prevent a crash.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mongodb mongodb

It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack This vulnerability affects MongoDB versions ...

CWE-787 https://jira.mongodb.org/browse/SERVER-58203 https://jira.mongodb.org/browse/SERVER-60218 https://jira.mongodb.org/browse/SERVER-59299 https://security.netapp.com/advisory/ntap-20220609-0005/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2021-32040

CVE-2021-32040

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect