MongoDB: Denial of Service — GLSA 201611-13

A vulnerability in MongoDB can lead to a Denial of Service condition.

Affected Packages

dev-db/mongodb on all architectures
Affected versions < 2.4.13
Unaffected versions >= 2.4.13

Background

MongoDB (from “humongous”) is a scalable, high-performance, open source, schema-free, document-oriented database.

Description

MongoDB’s ‘mongod’ server fails to validate some cases of malformed BSON.

Impact

A remote attacker could send a specially crafted BSON request possibly resulting in a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All MongoDB users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/mongodb-2.4.13"
 

References

Release Date
November 20, 2016

Latest Revision
November 20, 2016: 1

Severity
normal

Exploitable
remote

Bugzilla entries