Description
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.
A memory corruption flaw was found in the way MongoDB handled wire protocol compression for intra-cluster communication. A privileged network attacker could potentially use this flaw to crash the MongoDB server under certain circumstances.
Report
Satellite 6 uses a vulnerable version of MongoDB. However, it does not enable wire protocol compression, and thus the vulnerability cannot be triggered. A fix may be provided in a future release via the RHSCL repository.
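The exposure condition described above (an affected version with wire protocol compression switched on) can be checked mechanically. The following is an added example, not code from MongoDB or Red Hat: the function names are hypothetical, the YAML key and command-line flag are taken from MongoDB's documentation rather than from this page, and only simple nested `key: value` YAML is handled.

```python
import re

# Setting names from MongoDB's documentation (assumption: not shown on this page).
YAML_KEY = "net.compression.compressors"
CLI_FLAG = "--networkMessageCompressors"
# Constructed sample mongod.conf with compression turned on.
SAMPLE_CONF = "net:\n  port: 27017\n  compression:\n    compressors: snappy  # sample\n"

def version_in_range(version):
    """True for 3.4.x before 3.4.10 and any 3.5.x, the range the advisory names."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    major, minor, patch = map(int, m.groups())
    return (major, minor) == (3, 5) or ((major, minor) == (3, 4) and patch < 10)

def yaml_setting(conf_text, dotted_key):
    """Look up a dotted key in simple nested 'key: value' YAML (no lists or flow syntax)."""
    stack = []  # (indent, key) of the enclosing mappings
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip() or ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indentation
        stack.append((indent, key.strip()))
        if ".".join(k for _, k in stack) == dotted_key and value.strip():
            return value.strip().strip("\"'")
    return None

def compressors(conf_text="", argv=()):
    """Effective compressor list; a command-line flag overrides the config file."""
    value = yaml_setting(conf_text, YAML_KEY)
    args = list(argv)
    for i, arg in enumerate(args):
        if arg.startswith(CLI_FLAG + "="):
            value = arg.split("=", 1)[1]
        elif arg == CLI_FLAG and i + 1 < len(args):
            value = args[i + 1]
    names = [n.strip().lower() for n in (value or "").split(",") if n.strip()]
    return [n for n in names if n != "disabled"]

def exposed(version, conf_text="", argv=()):
    """Affected version with compression explicitly enabled (unset means disabled)."""
    return version_in_range(version) and bool(compressors(conf_text, argv))
```

An unset value is treated as disabled because the advisory describes the setting as disabled by default in the affected versions.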
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | mongodb | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | mongodb | Not affected | | |
| Red Hat Enterprise MRG 2 | mongodb | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) | mongodb | Not affected | | |
| Red Hat OpenStack Platform 11 (Ocata) | mongodb | Not affected | | |
| Red Hat OpenStack Platform 8 (Liberty) | mongodb | Not affected | | |
| Red Hat OpenStack Platform 9 (Mitaka) | mongodb | Not affected | | |
| Red Hat Software Collections | rh-mongodb30upg-mongodb | Not affected | | |
| Red Hat Software Collections | rh-mongodb32-mongodb | Not affected | | |
| Red Hat Software Collections | rh-mongodb34-mongodb | Will not fix | | |
Additional information
Status:
EPSS
CVSS3: 5.7 Medium