
Ian Boros

#20010 of 53,632
13 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2020-10879
6.5
2020-11-23
MongoDB · MongoDB Server · CVE-2019-20924
**Name of the Vulnerable Software and Affected Versions**

MongoDB Server versions prior to 4.2.2

**Description**

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder.

**Recommendations**

For versions prior to 4.2.2, update to version 4.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to database queries to minimize the risk of exploitation.
PT-2020-10892
6.5
2020-11-23
MongoDB · MongoDB Server · CVE-2019-2392
**Name of the Vulnerable Software and Affected Versions**

- MongoDB Server versions prior to 4.4.1
- MongoDB Server versions prior to 4.2.9
- MongoDB Server versions prior to 4.0.20
- MongoDB Server versions prior to 3.6.20

**Description**

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values.

**Recommendations**

- For versions prior to 4.4.1, update to version 4.4.1 or later.
- For versions prior to 4.2.9, update to version 4.2.9 or later.
- For versions prior to 4.0.20, update to version 4.0.20 or later.
- For versions prior to 3.6.20, update to version 3.6.20 or later.