7 matches found
SUSE CVE-2017-15535
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors aka wire protocol compression, which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory...
[ASA-201801-5] mongodb: arbitrary code execution
Arch Linux Security Advisory ASA-201801-5 ========================================= Severity: High Date : 2018-01-05 CVE-ID : CVE-2017-15535 Package : mongodb Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-503 Summary ======= The package mongodb before...
CVE-2017-15535
A memory corruption flaw was found in the way MongoDB handled wire protocol compression for intra-cluster communication. A privileged network attacker could potentially use this flaw to crash the MongoDB server under certain circumstances...
openSUSE Security Update : mongodb (openSUSE-2017-1275)
This update for mongodb 3.4.10 fixes the following issues : Security issues fixed : - CVE-2017-15535: MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors aka wire protocol compression, which exposes a vulnerability when...
OPENSUSE-SU-2017:3018-1 Security update for mongodb
This update for mongodb 3.4.10 fixes the following issues: Security issues fixed: - CVE-2017-15535: MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors aka wire protocol compression, which exposes a vulnerability when...
OPENSUSE-SU-2017:3022-1 Security update for mongodb
This update for mongodb 3.4.10 fixes the following issues: Security issues fixed: - CVE-2017-15535: MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors aka wire protocol compression, which exposes a vulnerability when...
CVE-2017-15535
CVE-2017-15535 affects MongoDB 3.4.x before 3.4.10 and 3.5.x-development in the wire protocol compression feature (networkMessageCompressors), which is disabled by default but if enabled can allow a remote attacker to cause a denial of service or modify memory. Public advisories and updates exist...