A vulnerability in MongoDB can lead to a Denial of Service condition.
Package | dev-db/mongodb on all architectures |
---|---|
Affected versions | < 2.4.13 |
Unaffected versions | >= 2.4.13 |
MongoDB (from “humongous”) is a scalable, high-performance, open source, schema-free, document-oriented database.
MongoDB’s ‘mongod’ server fails to validate some cases of malformed BSON.
A remote attacker could send a specially crafted BSON request possibly resulting in a Denial of Service condition.
There is no known workaround at this time.
All MongoDB users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mongodb-2.4.13"
Release date
November 20, 2016
Latest revision
November 20, 2016: 1
Severity
normal
Exploitable
remote
Bugzilla entries