CVE-2018-20803 MEDIUM

CVE-2018-20803: Infinite loop in aggregation expression

Vendor Mongodb Inc.

Product MongoDB Server

Weakness CWE-835

Published November 23, 2020

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects MongoDB Server v4.0 versions prior to 4.0.5; MongoDB Server v3.6 versions prior to 3.6.10 and MongoDB Server v3.4 versions prior to 3.4.19.

Key dates

02Disclosure timeline

November 23, 2020 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-20803 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/835.html

Related vulnerabilities

Identifiers

CVE CVE-2018-20803

CWE CWE-835

CVSS 6.5 / MEDIUM

Affected versions

Vendor Mongodb Inc.

Product MongoDB Server

Affected ≥ 4.0 and < 4.0.5

Vendor Mongodb Inc.

Product MongoDB Server

Affected ≥ 3.6 and < 3.6.10

Vendor Mongodb Inc.

Product MongoDB Server

Affected ≥ 3.4 and < 3.4.19

CVE-2018-20803: Infinite loop in aggregation expression

01Description

02Disclosure timeline

03References

04Related CVE