CVE-2019-2392 $mod can result in undefined behavior

🗓️ 23 Nov 2020 15:25:14Reported by mongodbType

A user authorized to perform database queries may trigger denial of service using $mod overflo

Reporter	Title	Published	Views	Family All 30
Circl	CVE-2019-2392	23 Nov 202018:46	–	circl
CNNVD	Mongodb Server 输入验证错误漏洞	23 Nov 202000:00	–	cnnvd
CNVD	Mongodb Server Input Validation Error Vulnerability (CNVD-2020-67315)	26 Nov 202000:00	–	cnvd
CVE	CVE-2019-2392	23 Nov 202015:25	–	cve
Debian CVE	CVE-2019-2392	23 Nov 202015:25	–	debiancve
Tenable Nessus	Dell Wyse Management Suite < 3.2 Multiple Vulnerabilities (DSA-2021-070)	7 Apr 202100:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2019-2392	3 Sep 202500:00	–	nessus
EUVD	EUVD-2019-12033	7 Oct 202500:30	–	euvd
MongoDB	$mod can result in UB	30 Nov 202000:00	–	mongodb
NCSC	Vulnerabilities fixed in MongoDB	24 Nov 202000:00	–	ncsc

[
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB Server",
    "vendor": "MongoDB Inc.",
    "versions": [
      {
        "lessThan": "3.6.20",
        "status": "affected",
        "version": "3.6",
        "versionType": "custom"
      },
      {
        "lessThan": "4.0.20",
        "status": "affected",
        "version": "4.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.2.9",
        "status": "affected",
        "version": "4.2",
        "versionType": "custom"
      },
      {
        "lessThan": "4.4.1",
        "status": "affected",
        "version": "4.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/SERVER-43699

12 Feb 2024 12:18Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.16.5

EPSS0.00426

CWE-190