Public bug reported: CVE 2019-20925: https://ubuntu.com/security/CVE-2019-20925
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24.

commit: https://github.com/mongodb/mongo/commit/c1a956e084d39e6da75cd347e63d0064ed9151a8

Affected versions
Ubuntu 18.04 LTS (Bionic Beaver)
Ubuntu 20.04 LTS (Focal Fossa)

** Affects: mongodb (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: mongodb (Ubuntu Bionic)
     Importance: Undecided
         Status: New

** Affects: mongodb (Ubuntu Focal)
     Importance: Undecided
         Status: New

** Also affects: mongodb (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: mongodb (Ubuntu Bionic)
   Importance: Undecided
       Status: New

--
https://bugs.launchpad.net/bugs/1933520

Title:
  message decompressor to incorrectly allocate memory
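
A first-pass triage check for the version ranges listed in the report, as an added example that is not part of the original bug report or of MongoDB's or Ubuntu's tooling. The host names and version strings in the sample inventory are constructed, and the check compares upstream version numbers only: a distribution package can carry a backported fix without changing that number, so an "affected" result still needs confirming against the package changelog.

```python
import re

# First fixed upstream release per series, as listed in the report above.
FIRST_FIXED = {
    (4, 2): (4, 2, 1),
    (4, 0): (4, 0, 13),
    (3, 6): (3, 6, 15),
    (3, 4): (3, 4, 24),
}


def upstream_version(raw):
    """Return (major, minor, patch) from `mongod --version` output or a
    Debian-style package version. Pre-release suffixes are ignored."""
    s = raw.strip()
    # Debian "+really" convention: the true upstream version follows the marker.
    if "+really" in s:
        s = s.split("+really", 1)[1]
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", s)
    if m is None:
        raise ValueError(f"no x.y.z version found in {raw!r}")
    return tuple(int(part) for part in m.groups())


def classify(raw):
    """Map a version string to 'affected', 'fixed-upstream' or 'unlisted'."""
    version = upstream_version(raw)
    fixed = FIRST_FIXED.get(version[:2])
    if fixed is None:
        return "unlisted"  # series not named in the report; check separately
    return "affected" if version < fixed else "fixed-upstream"


def audit(inventory):
    """Classify every (host, version string) pair in an inventory."""
    return {host: classify(raw) for host, raw in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("db-a", "db version v3.6.8"),
    ("db-b", "1:3.6.3-0example1"),
    ("db-c", "1:3.6.9+really3.6.8-0example1"),
    ("db-d", "4.2.1"),
    ("db-e", "4.4.0"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```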
