Muhammaddaffa

When using $changestreams and $ requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** An authorized user can cause a server crash by executing a query using a 2dsphere index on a field containing a GeoJSON GeometryCollection. The issue occurs when the collection includes a Polygon with a strict-winding Coordinate Reference System (CRS). While strict-winding polygons are unsupported for indexing, the system fails to inspect members within a GeometryCollection, leading to a null-pointer dereference, which is an attempt to access a memory location that does not exist. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.