CVE-2021-32040

Large aggregation pipelines with a specific stage can crash mongod under default configuration

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB Server v4.4 versions prior to and including 4.4.28, MongoDB Server v5.0 versions prior to 5.0.4 and MongoDB Server v4.2 versions prior to 4.2.16.

Workaround: >= v4.2.16 users and all v4.4 users can add the --setParameter internalPipelineLengthLimit=50 instead of the default 1000 to mongod at startup to prevent a crash.

Puede ser posible tener una tubería de agregación extremadamente larga en conjunto con una etapa/operador específico y causar un desbordamiento de pila debido al tamaño de los marcos de pila usados por esa etapa. Si un atacante pudiera causar tal agregación, podría colapsar MongoDB de forma maliciosa en un ataque DoS. Esta vulnerabilidad afecta a MongoDB versiones anteriores a 5.0.4, 4.4.11 y 4.2.16

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2021-05-05 CVE Reserved
2022-04-12 CVE Published
2024-09-16 CVE Updated
2024-10-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-121: Stack-based Buffer Overflow
CWE-787: Out-of-bounds Write

CAPEC

References (4)

URL	Tag	Source
https://security.netapp.com/advisory/ntap-20220609-0005	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://jira.mongodb.org/browse/SERVER-58203	2024-02-23
https://jira.mongodb.org/browse/SERVER-59299	2024-02-23
https://jira.mongodb.org/browse/SERVER-60218	2024-02-23

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mongodb Search vendor "Mongodb"		Mongodb Search vendor "Mongodb" for product "Mongodb"				>= 4.2.0 < 4.2.16 Search vendor "Mongodb" for product "Mongodb" and version " >= 4.2.0 < 4.2.16"		-		Affected
Mongodb Search vendor "Mongodb"		Mongodb Search vendor "Mongodb" for product "Mongodb"				>= 4.4.0 < 4.4.11 Search vendor "Mongodb" for product "Mongodb" and version " >= 4.4.0 < 4.4.11"		-		Affected
Mongodb Search vendor "Mongodb"		Mongodb Search vendor "Mongodb" for product "Mongodb"				>= 5.0.0 < 5.0.4 Search vendor "Mongodb" for product "Mongodb" and version " >= 5.0.0 < 5.0.4"		-		Affected