8 matches found
BIT-MONGODB-2026-8201 Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields
A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...
CVE-2026-8201
A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...
CVE-2026-8201 Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields
A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...
CVE-2026-8201
A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...
MongoDB Server 资源管理错误漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, Inc. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. Versions of MongoDB Server prior to 7.0.34, 8.0.23, 8.2.9, and 8.3.2 contain a resource...
CVE-2024-8013
A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...
CVE-2024-8013 CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines
A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...
CVE-2024-8013
CVE-2024-8013 stems from a bug in query analysis of certain complex self-referential $lookup subpipelines that can cause literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Impact: if triggered, no documents would be returned or written....