CVE-2018-20802
- Source
- https://cve.org/CVERecord?id=CVE-2018-20802
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20802.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-20802
- Downstream
- Published
- 2020-11-23T16:15:12.120Z
- Modified
- 2026-04-11T14:54:38.509546Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3.
- References
Affected packages
Git / github.com/mongodb/mongo
Affected versions
r3.*
r3.6.0
r3.6.1
r3.6.1-rc0
r3.6.1-rc1
r3.6.2
r3.6.2-rc0
r3.6.3
r3.6.3-rc0
r3.6.3-rc1
r3.6.4
r3.6.4-rc0
r3.6.5
r3.6.5-rc0
r3.6.6
r3.6.6-rc0
r3.6.7
r3.6.7-rc0
r3.6.7-rc1
r3.6.8
r3.6.8-rc0
r3.6.8-rc1
r4.*
r4.0.0
r4.0.1
r4.0.1-rc0
r4.0.1-rc1
r4.0.2
r4.0.2-rc0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20802.json"
vanir_signatures
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"313446879818095410549742822477905822829",
"282870862950363214246411750454954328734",
"294334512224513972931248295170221526976",
"93602022440285144979986968220896615164",
"36690151616370698260816183537897350476",
"33877167853361079852385229118382323532",
"104874782494145507705853178173800527620",
"234469486348785019535551898313791110086",
"227280831871719900765309564990018109031",
"97331998981638393328950191267644429461",
"105213501979508411667800843639613061225",
"72477226828925743011045734088798315441",
"23180511404580733604044236786278836462",
"38996329226103267125449185421356145173"
]
},
"id": "CVE-2018-20802-048fb2b3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c",
"target": {
"file": "src/mongo/db/repl/replication_recovery_test.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"57053469562765530538421095959528302305",
"308863134277448346832112696598885717917",
"314000922387501484303832966588167499477"
]
},
"id": "CVE-2018-20802-0ebe672c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c",
"target": {
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"114958715280641625478558997091928955634",
"198517063958222516324561371006482591723",
"30470134166326113963697296184345016951"
]
},
"id": "CVE-2018-20802-2be79574",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c",
"target": {
"file": "src/mongo/db/storage/kv/kv_storage_engine.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"126195380089357335310084634872602264946",
"291350936695414427380874964889192603028",
"228083991116097395737738167260556894998",
"198891087664033816782776625800949360889",
"116008536621725400232272767617896706823",
"314873937378818208661382748520387010126",
"232748504441782272383757589197615248967",
"179797110769653246890346370682658913000",
"158415252570338232312411892931710798697",
"165345232231063747604900581771873769793",
"277603465263970786508072690983871402952",
"251133964263348402290622004016210340189"
]
},
"id": "CVE-2018-20802-356c4692",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c",
"target": {
"file": "src/mongo/db/repl/replication_recovery.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"23615715673467145886265356966412371722",
"227018998405425783217450144987641542117",
"265676054059120429706876870539933226906",
"312422531616240817306415076941701659458",
"104419622755676485079575449858422381491",
"77669656043742448187906917635457450200",
"189121210181490567055512862559595151412"
]
},
"id": "CVE-2018-20802-40049d7c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c",
"target": {
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"212322542570402831828052095309618578080",
"235894781281872003049141148664671875226",
"86410329997371051974841711098223795809"
]
},
"id": "CVE-2018-20802-455c2785",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c",
"target": {
"file": "src/mongo/db/storage/kv/kv_engine.h"
}
},
{
"digest": {
"length": 1356.0,
"function_hash": "248744719927377893179542294276197431095"
},
"id": "CVE-2018-20802-59ab1252",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/167861a164723168adfaaa866f310cb94010428f",
"target": {
"function": "createIndexForApplyOps",
"file": "src/mongo/db/repl/oplog.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"252631145485045519327140613112340291214",
"288882601050772958251603713387727511430",
"138071066354954863559201869492735970402"
]
},
"id": "CVE-2018-20802-6bc995d3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c",
"target": {
"file": "src/mongo/db/storage/storage_engine.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"216350819584092613269098601671493690959",
"60700441453415833913107622688243179739",
"221374221540179666732107324184549160687"
]
},
"id": "CVE-2018-20802-70ff4d95",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c",
"target": {
"file": "src/mongo/db/repl/storage_interface.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"194736701249373352183045026028223502863",
"34337023444406203762338426253698835079",
"236312598722435214827396252700685616256"
]
},
"id": "CVE-2018-20802-93b8ece4",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c",
"target": {
"file": "src/mongo/db/repl/storage_interface_mock.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"15618042779469195721392852961678446108",
"37073995922809124480431105634737392939",
"314000922387501484303832966588167499477"
]
},
"id": "CVE-2018-20802-9740ada6",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c",
"target": {
"file": "src/mongo/db/storage/kv/kv_storage_engine.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"317485157123397283678206512037362298544",
"335021905254271353022346518063768179884",
"289009187200384307947674979125277529901",
"67837251507347999603836319921374723557"
]
},
"id": "CVE-2018-20802-98a9a303",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/167861a164723168adfaaa866f310cb94010428f",
"target": {
"file": "src/mongo/db/repl/oplog.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"269969958042460021228010843379052548748",
"191425238966134752679877458512691841407",
"302516754631172831699027615913721841897"
]
},
"id": "CVE-2018-20802-cc4b4179",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c",
"target": {
"file": "src/mongo/db/repl/rollback_test_fixture.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"242856711995075133741375483605927962192",
"72424934763284995138328377361935588924",
"312342776149757044392292041775534135326"
]
},
"id": "CVE-2018-20802-e268f928",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c",
"target": {
"file": "src/mongo/db/repl/storage_interface_impl.cpp"
}
},
{
"digest": {
"length": 156.0,
"function_hash": "46946736025183096060079861336435427206"
},
"id": "CVE-2018-20802-f06e32e3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c",
"target": {
"function": "WiredTigerKVEngine::getRecoveryTimestamp",
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"46359545697875725864841250854537988971",
"264007873784961335532656892970523592692",
"103486660731728129832828031593961073968"
]
},
"id": "CVE-2018-20802-f5951a92",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c",
"target": {
"file": "src/mongo/db/repl/storage_interface_impl.h"
}
}
]
vanir_signatures_modified
"2026-04-11T14:54:38Z"