ALT Linux Team

Package mongo6.0 update in p10 on 2024-11-26

ALT-PU-2024-16107-3

Package mongo6.0 updated to version 6.0.19-alt0.p10.1 for branch p10 in task 363176.

Closed vulnerabilities

Published: 2025-03-03
Modified: 2025-08-13

BDU:2024-08901

Уязвимость системы управления базами данных MongoDB, связанная с неправильной проверкой согласованности во входных данных, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
References:
Published: 2024-11-18

BDU:2024-09752

Уязвимость сервера системы управления базами данных MongoDB, связанная с неправильной нейтрализацией нулевых байтов при обработке данных BSON формата, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Severity: MEDIUM (6.8)Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
Severity: MEDIUM (6.6)Vector: AV:N/AC:H/Au:S/C:C/I:N/A:C
References:
Published: 2025-04-07

BDU:2025-03803

Уязвимость двоичного файла mongocryptd и библиотеки mongo crypt v1.so системы управления базами данных MongoDB, связанная с передачей критичной информации открытым текстом, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: LOW (3.3)Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: LOW (1.7)Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N
References:
Published: 2024-11-14
Modified: 2025-10-01

CVE-2024-10921

An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30 , MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2.

Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
References:
Published: 2024-10-28
Modified: 2024-10-31

CVE-2024-8013

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions.

Severity: LOW (3.3)Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2024-10-21
Modified: 2024-11-07

CVE-2024-8305

prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top