CVE-2017-15535

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-15535
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15535.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-15535
Downstream
Related
Published
2017-11-01T01:29:00.637Z
Modified
2026-04-11T04:47:50.513201Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.

References

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type
GIT
Repo
https://github.com/mongodb/mongo
Events
Introduced
f4240c60f005be757399042dc12f6addbc3170c1
Fixed
078f28920cb24de0dd479b5ea6c66c644f6326e9
Database specific 
{
    "versions": [
        {
            "introduced": "3.4.0"
        },
        {
            "fixed": "3.4.10"
        }
    ]
}

Affected versions

r3.*
r3.4.0
r3.4.1
r3.4.1-rc0
r3.4.2
r3.4.2-rc0
r3.4.3
r3.4.3-rc0
r3.4.3-rc1
r3.4.3-rc2
r3.4.4
r3.4.4-rc0
r3.4.5
r3.4.5-rc0
r3.4.5-rc1
r3.4.5-rc2
r3.4.5-rc3
r3.4.5-rc4
r3.4.6
r3.4.6-rc0
r3.4.7
r3.4.7-rc0
r3.4.8
r3.4.8-rc0
r3.4.8-rc1
r3.4.9
r3.4.9-rc0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15535.json"
vanir_signatures_modified 
"2026-04-11T04:47:50Z"
vanir_signatures 
[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 255.0,
            "function_hash": "107862109570281846631268496074686454621"
        },
        "source": "https://github.com/mongodb/mongo/commit/078f28920cb24de0dd479b5ea6c66c644f6326e9",
        "id": "CVE-2017-15535-9e00c8ee",
        "signature_type": "Function",
        "target": {
            "function": "Balancer::joinCurrentRound",
            "file": "src/mongo/db/s/balancer/balancer.cpp"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "76182740352182398932286121564362122272",
                "80758732517255109637672591035350889934",
                "320453793041035552778181125348421822372",
                "69713015027358994602529446185115499919",
                "138846925006658120967765831098123604771"
            ]
        },
        "source": "https://github.com/mongodb/mongo/commit/078f28920cb24de0dd479b5ea6c66c644f6326e9",
        "id": "CVE-2017-15535-df23af3c",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/s/balancer/balancer.cpp"
        }
    }
]