 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2021-32040 |
| Description: | It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB Server v4.4 versions prior to and including 4.4.28, MongoDB Server v5.0 versions prior to 5.0.4 and MongoDB Server v4.2 versions prior to 4.2.16. Workaround: >= v4.2.16 users and all v4.4 users can add the --setParameter internalPipelineLengthLimit=50 instead of the default 1000 to mongod at startup to prevent a crash. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.147978 1.3.6.1.4.1.25623.1.0.147979 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-32040 https://jira.mongodb.org/browse/SERVER-58203 https://jira.mongodb.org/browse/SERVER-58203 https://jira.mongodb.org/browse/SERVER-59299 https://jira.mongodb.org/browse/SERVER-59299 https://jira.mongodb.org/browse/SERVER-60218 https://jira.mongodb.org/browse/SERVER-60218 https://security.netapp.com/advisory/ntap-20220609-0005/ https://security.netapp.com/advisory/ntap-20220609-0005/ |