PT-2017-14091 · Mongodb · Mongodb

Published

2017-11-01

Updated

2017-11-22

CVE-2017-15535

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions MongoDB versions 3.4.x through 3.4.9 MongoDB versions 3.5.x-development

Description The issue is related to a configuration setting, networkMessageCompressors, which is disabled by default. When enabled, it exposes a potential problem that could be exploited by a malicious attacker to deny service or modify memory.

Recommendations For MongoDB versions 3.4.x through 3.4.9, consider disabling the networkMessageCompressors setting to prevent potential exploitation. For MongoDB versions 3.5.x-development, avoid using the networkMessageCompressors setting until a fix is available. As a temporary workaround, consider disabling the networkMessageCompressors setting for all affected versions until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-15535

OPENSUSE-SU-2017:3018-1

OPENSUSE-SU-2017:3022-1

Affected Products

Mongodb

PT-2017-14091 · Mongodb · Mongodb

CVE-2017-15535

Related Identifiers

Affected Products

References · 12