MongoDB · MongoDB Server · CVE-2021-32040
**Name of the Vulnerable Software and Affected Versions**
MongoDB Server versions prior to 4.2.16
MongoDB Server versions 4.4 prior to and including 4.4.28
MongoDB Server versions 5.0 prior to 5.0.4
**Description**
It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack.
**Recommendations**
For MongoDB Server versions prior to 4.2.16, update to version 4.2.16 or later.
For MongoDB Server versions 4.4 prior to and including 4.4.28, update to a version later than 4.4.28.
For MongoDB Server versions 5.0 prior to 5.0.4, update to version 5.0.4 or later.
As a temporary workaround, users on v4.2.16 or later and all v4.4 users can start mongod with --setParameter internalPipelineLengthLimit=50 (instead of the default of 1000) to prevent a crash.
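
The version ranges and workaround above can be applied to a fleet inventory as follows. This is an added example, not code from MongoDB or from this advisory; the host names and inventory are constructed, and reading ">= v4.2.16" as a plain numeric comparison is an assumption.

```python
import re

# Affected ranges and the workaround flag are copied from the advisory text.
WORKAROUND = "--setParameter internalPipelineLengthLimit=50"


def parse_version(text):
    """Pull (major, minor, patch) out of strings such as 'db version v4.4.6'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(version_text):
    """Classify one server version against the CVE-2021-32040 ranges."""
    v = parse_version(version_text)
    if v < (4, 2, 16):
        fix = "update to 4.2.16 or later"
    elif v[:2] == (4, 4) and v <= (4, 4, 28):
        fix = "update to a version later than 4.4.28"
    elif v[:2] == (5, 0) and v < (5, 0, 4):
        fix = "update to 5.0.4 or later"
    else:
        return {"version": v, "affected": False, "fix": None, "workaround": None}
    # Assumption: ">= v4.2.16" is read as a plain numeric comparison, so
    # releases below 4.2.16 get no workaround and must be updated.
    workaround = WORKAROUND if v >= (4, 2, 16) else None
    return {"version": v, "affected": True, "fix": fix, "workaround": workaround}


def triage(inventory):
    """Return {host: assessment} for the hosts the advisory lists as affected."""
    results = {host: assess(ver) for host, ver in inventory.items()}
    return {host: r for host, r in results.items() if r["affected"]}


# Constructed inventory (hypothetical host names), e.g. collected from
# `mongod --version` output on each machine.
SAMPLE_INVENTORY = {
    "db-legacy": "db version v4.0.27",
    "db-orders": "db version v4.2.16",
    "db-search": "db version v4.4.6",
    "db-events": "db version v5.0.3",
    "db-new": "db version v5.0.4",
}

if __name__ == "__main__":
    for host, r in triage(SAMPLE_INVENTORY).items():
        print(host, r["fix"], "| workaround:", r["workaround"] or "none")
```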