CVE-2019-2393

Summary

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13 and MongoDB Server v3.6 versions prior to 3.6.15.

Affected Software

VendorProductVersion RangeStatus
MongoDB Inc.MongoDB Server3.6 < 3.6.15affected
MongoDB Inc.MongoDB Server4.0 < 4.0.13affected
MongoDB Inc.MongoDB Server4.2 < 4.2.1affected

Weaknesses

  • CWE-416: CWE-416 Use After Free

ADP Enrichment

CVE Program Container

Additional References

References