CVE-2019-2392

🗓️ 23 Nov 2020 15:25:14Reported by mongodbType

Denial of service can be triggered by crafted queries using $mod operator in MongoDB versions prior.

Reporter	Title	Published	Views	Family All 30
Circl	CVE-2019-2392	23 Nov 202018:46	–	circl
CNNVD	Mongodb Server 输入验证错误漏洞	23 Nov 202000:00	–	cnnvd
CNVD	Mongodb Server Input Validation Error Vulnerability (CNVD-2020-67315)	26 Nov 202000:00	–	cnvd
Cvelist	CVE-2019-2392 $mod can result in undefined behavior	23 Nov 202015:25	–	cvelist
Debian CVE	CVE-2019-2392	23 Nov 202015:25	–	debiancve
Tenable Nessus	Dell Wyse Management Suite < 3.2 Multiple Vulnerabilities (DSA-2021-070)	7 Apr 202100:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2019-2392	3 Sep 202500:00	–	nessus
EUVD	EUVD-2019-12033	7 Oct 202500:30	–	euvd
MongoDB	$mod can result in UB	30 Nov 202000:00	–	mongodb
NCSC	Vulnerabilities fixed in MongoDB	24 Nov 202000:00	–	ncsc

NVD

Node

mongodb mongodbRange3.6.0–3.6.20

mongodb mongodbRange4.0.0–4.0.20

mongodb mongodbRange4.2.0–4.2.9

mongodb mongodbRange4.4.0–4.4.1

[
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB Server",
    "vendor": "MongoDB Inc.",
    "versions": [
      {
        "lessThan": "3.6.20",
        "status": "affected",
        "version": "3.6",
        "versionType": "custom"
      },
      {
        "lessThan": "4.0.20",
        "status": "affected",
        "version": "4.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.2.9",
        "status": "affected",
        "version": "4.2",
        "versionType": "custom"
      },
      {
        "lessThan": "4.4.1",
        "status": "affected",
        "version": "4.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/SERVER-43699

21 Nov 2024 04:40Current

6.5Medium risk

Vulners AI Score6.5

CVSS 24

CVSS 3.16.5

EPSS0.00426

CWE-190