CVE-2018-20805
- Source
- https://cve.org/CVERecord?id=CVE-2018-20805
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20805.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-20805
- Downstream
- Published
- 2020-11-23T16:15:12.277Z
- Modified
- 2026-04-11T14:54:25.985260Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch . This issue affects MongoDB Server v4.0 versions prior to 4.0.5 and MongoDB Server v3.6 versions prior to 3.6.10.
- References
Affected packages
Git / github.com/mongodb/mongo
Affected versions
r3.*
r3.6.0
r3.6.1
r3.6.1-rc0
r3.6.1-rc1
r3.6.10-rc0
r3.6.2
r3.6.2-rc0
r3.6.3
r3.6.3-rc0
r3.6.3-rc1
r3.6.4
r3.6.4-rc0
r3.6.5
r3.6.5-rc0
r3.6.6
r3.6.6-rc0
r3.6.7
r3.6.7-rc0
r3.6.7-rc1
r3.6.8
r3.6.8-rc0
r3.6.8-rc1
r3.6.9
r3.6.9-rc0
r4.*
r4.0.0
r4.0.1
r4.0.1-rc0
r4.0.1-rc1
r4.0.2
r4.0.2-rc0
r4.0.3
r4.0.3-rc0
r4.0.4
r4.0.4-rc0
r4.0.4-rc1
r4.0.4-rc2
r4.0.5-rc0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20805.json"
vanir_signatures
[
{
"digest": {
"length": 10760.0,
"function_hash": "70372240380922628760326670226579035471"
},
"id": "CVE-2018-20805-00ad1beb",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"function": "__wt_stat_connection_clear_single",
"file": "src/third_party/wiredtiger/src/support/stat.c"
}
},
{
"digest": {
"length": 565.0,
"function_hash": "116303075167808404713476577459180491594"
},
"id": "CVE-2018-20805-112db0c7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"function": "__wt_conn_stat_init",
"file": "src/third_party/wiredtiger/src/conn/conn_stat.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"169335859291290880787888402643336581803",
"8966155815881763564081387202351646850",
"11549646353021700653115771920712972050",
"213637165361766935405472563945379812301"
]
},
"id": "CVE-2018-20805-2095d278",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"file": "src/third_party/wiredtiger/src/conn/conn_stat.c"
}
},
{
"digest": {
"length": 1173.0,
"function_hash": "10483730543343367379176517755836701"
},
"id": "CVE-2018-20805-385ddaba",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"function": "__log_slot_new",
"file": "src/third_party/wiredtiger/src/log/log_slot.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"299154149137317641524980259235989504179",
"6485293982832598350049786724751663829",
"175667786161106215985330033301951241432",
"102472640899208778473662070603105652107",
"39416856059639760034577964014597425487",
"141732492912055390547163383727358264603",
"214745367906299203713000538172784998148",
"222314072682608406762714314665336243844",
"281329370337288140546517363865183831828",
"105299717003767352971086823733299560632",
"235765931992244848794551201800037338411",
"134423168945225529572165951866729443097",
"101459192282277470554361265596913014150",
"108271399278678604758160128718015820799",
"302598737224006752718159527638274520956",
"178157215377083446150152408150915452438"
]
},
"id": "CVE-2018-20805-46f02f5f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"file": "src/third_party/wiredtiger/src/session/session_dhandle.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"293657354602891190644127733142993679448",
"332231538110893760754492089513143834398",
"153765000267118890410477118741750695611",
"212355520220031039882189833240229835511",
"282105298484281921693222911013721132946",
"216980693497015241929762837046998318055",
"172103519663288381463739941731210285466",
"303196420296820058960443707187317466624",
"112114299709296963816429227689445833483",
"183307439172854311093230982372198524981",
"20760956556236375807912864294053810201",
"45206842910698137638899432477148304844",
"148141531550732887831576148385569482261",
"211952392919959769810824231630918188809",
"213266248247150292501064865352831299406",
"296246716847814320787221399070407291993",
"138385933303599142224353594715629438872",
"250647321557925984673128663598374563047",
"268947247711037803777526292918077605706",
"263222880687410718891100482535472045911",
"317130951971251988061137979708231516734",
"323299899966348000647617129636514436735",
"227996078923885134645843719791100754102",
"339493193401646085207254071764439506049",
"280825382842476479454936634063375310813",
"311856211566223488698630097542588815988",
"323965558011946691354461712190582614116",
"149489972314272506028721924182948604596",
"84792027629280470734143295561798331122",
"161035744610092121439180606071007255314",
"286882017648840124049583772313667772865",
"48061594423606151021150642622047405546"
]
},
"id": "CVE-2018-20805-5efd5ac8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"file": "src/third_party/wiredtiger/src/log/log_slot.c"
}
},
{
"digest": {
"length": 9935.0,
"function_hash": "111104019220067320284873995514487590897"
},
"id": "CVE-2018-20805-669c71e8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"function": "__wt_stat_dsrc_aggregate_single",
"file": "src/third_party/wiredtiger/src/support/stat.c"
}
},
{
"digest": {
"length": 462.0,
"function_hash": "106818388829403725660988102667085050142"
},
"id": "CVE-2018-20805-6b4ecebe",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"function": "__wt_cursor_close",
"file": "src/third_party/wiredtiger/src/cursor/cur_std.c"
}
},
{
"digest": {
"length": 599.0,
"function_hash": "178316326630450686783959518023652934662"
},
"id": "CVE-2018-20805-77821340",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"function": "__wt_cursor_reopen",
"file": "src/third_party/wiredtiger/src/cursor/cur_std.c"
}
},
{
"digest": {
"length": 1766.0,
"function_hash": "3330707023805804852751768019413407224"
},
"id": "CVE-2018-20805-7de679aa",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"function": "__wt_session_lock_dhandle",
"file": "src/third_party/wiredtiger/src/session/session_dhandle.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"142430655993350679253337466542949063064",
"309058849363581020564202319776153961631",
"104647045798291085469055100852418283463",
"103489440219800293402714186036098036013",
"181036931965022156170667304337421538410",
"179789166367284307536836470321855219742",
"245872508582810438474005285393441738117",
"117378118364911307300736628438255471809",
"141616708407608016140064277988449682470",
"54825818120097813754784170570730601814",
"73969659732693646105552345765599749432",
"276074554884834517027552141496432773228",
"314959068164129397894341201229433239417",
"215970421743533129776408321528275887590",
"32117589587659653260905441767130007534",
"116638065429609181626199279255364420383",
"152393218406744674183001067624501651355",
"169678286914642246443033029340179480503",
"151958114381369943077347144995119161683",
"259325434017494001909792328176008262958",
"79482168614725752986259064970495376072"
]
},
"id": "CVE-2018-20805-812123da",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"file": "src/third_party/wiredtiger/src/cursor/cur_std.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"10653146368028546102204546113809489469",
"280456405854447205043522617908030719061",
"329606334425423231083889406573763696535",
"121289865667725315542468114828169229866",
"35573594232204400771022908967466833937",
"180862677446904011689003166997194913527",
"121203700985993422471306025620045226801",
"259974049418208785521720078592792710313",
"297040523565197355590294078865346642194",
"270958439245863987713905201413619625221",
"131649578550974462410754922352143675709",
"125436350881541689648663383970854866922",
"336147110994811025039091824365971320818",
"112554593644927076118841831011631021654",
"209277141916380164711781608621112679964",
"304940031684668637158744591333039599902",
"21030869651469431439485754268402649807",
"251629602869053027258077764560891637519",
"177914915221945487007080392035310054580",
"222308861271762817292662209525845611933",
"249142422000006779369542011046106827830",
"252046185045761118312089269683704737983",
"322365860288441950256369189203811624382",
"226623992795889172543616076344403632433",
"106747612315734214844111448348929221684",
"163198915440598009122785996596527089607",
"244188294821927138508492041197624632531",
"132628143166904491216901072832465549714",
"23110857511548344741441357785346560735",
"329186212120546768378152837821139792962",
"57272252492985486558653105983747004936",
"21421703816321421723293832508459447832",
"141001920879560309953236577232551616294"
]
},
"id": "CVE-2018-20805-83fa24e0",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"file": "src/third_party/wiredtiger/src/include/stat.h"
}
},
{
"digest": {
"length": 2265.0,
"function_hash": "232651179743495525465976146067653563737"
},
"id": "CVE-2018-20805-84009523",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"function": "__wt_cursor_init",
"file": "src/third_party/wiredtiger/src/cursor/cur_std.c"
}
},
{
"digest": {
"length": 1912.0,
"function_hash": "78257227693353592090217532299653015168"
},
"id": "CVE-2018-20805-84eac527",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"function": "__log_newfile",
"file": "src/third_party/wiredtiger/src/log/log.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"156705058028798541716652165729532972633",
"79010655929507780104157261713183803959",
"107124721230738374670343120709075220727",
"301110292381612217112308483751925136069",
"216382612644284793574825125519123044421",
"329266488898166771309612163899690938303",
"308193438449956093690907840429005335962",
"46046655409898234856995249319375221203",
"23686425516428816421402528371743234052",
"52020996700955670383171431878439135885",
"186628222371801994031536442153169330835",
"207642659411345216474821545179180665127",
"233240566664445526862583947294023463459",
"253463158329063964066652139096864180829",
"147356001970432233899720607822984709717",
"304356926744735403049827058080004612251",
"325852110516856849023684986699777784655",
"200869907138414971355498303428450727413",
"137279191991838062298297351542786587229",
"171023783699970618700195128959701061986",
"263404123304432350987076964355253840657",
"60639521692099543142314364263050756529",
"146521116997978390312538125683943906507",
"242270282640208520120327889768137239101",
"74917776481560388290221743902067043258",
"53392479902984545029967422342787974809",
"263179179139891148650773777468383521323",
"33275824997766916702359774830232162567",
"284190544537675476916144426725963578199",
"293702392963941795164221903591138038921",
"192232885961089767819541916790546488192",
"22022889103420168815823645391028416345",
"269701745207972447714042852385217642992",
"293589740865292815217979047579941551872",
"80785279294142160948767937071358321662",
"57888488174395507899464512362262602730",
"62601548626168823167829865666572538747",
"272582072233582154142440061897146154572",
"200813264751506180220121401457243494594",
"4880672702800035761120177273214611772",
"248749656045973324952361362602863794284",
"206741745918512140789638054044930918668",
"79088761729410068615146854489860347348",
"170407076356826386475007063872710769374",
"157976570918766742536776758346364898705",
"328199004646260020246506057825004256775",
"242496082618064784609645673107093413454",
"30246158327630871381681494743028682638",
"131729219182719502827553004947549552647",
"180245055623795940186307530498308782615",
"6099753695590436720701946849814671069",
"104972328905303419924925607733986717161",
"307526046594688714424199525402105491741",
"263509392810946307834614638413020070264",
"278993309364760223559344571778666523910",
"248816169800998751531866659432476261096",
"334290220102176112133201435387360527343",
"199894895958622618442907416557060960564",
"283923507166714329437799943696057176369",
"330641239181701594265360749258827342044",
"106782331801278980177240784888374387290",
"249119266997578239288012809943372465198",
"228069011732723021233515236677804934478",
"20248924966514204993150533232672325317",
"99292773864615163606066554760255537990",
"330607546828120580417743383791956036337",
"126549494157805045056380336879761908006",
"162688651584458966422008298783863213491",
"156485505283857583182975971825503796323",
"249823836582563516775711440467996414940",
"133364861662935715865827502338696485722",
"315034709809523333829522649324436490919",
"230836886667804593036269891781804102495",
"178234477802316604313277462043263912547",
"140648774925893198260347068116682885434",
"70486087722822861602510355521091203534",
"329274930772543556533471586933473909098",
"203310701826635696283143264979272760074",
"22219274147020013615740822012271846400",
"30969107915462806976429534130097114338",
"270783984344775682640493254826451027808",
"150547906119364287940878502496665425444",
"123400948952978993545644690358408920989",
"335646055292170778534108450283404825283",
"66260729269729514081700360366290564078",
"323244168444830362186264619218803682605",
"254382406556304285345058962170670695528",
"103015848847474228711346729292300262611",
"95148266052119923960606801307160496623",
"298296246924023684641329315841887534050",
"155465673684009362080158976502748627887",
"166802501697989381225593545303790343717",
"272877911805291464922071497290251278938",
"299319537859170067047120565324019913695",
"305418077406710296002306157997395092894",
"183056429288245451228509477091424479614",
"337660628807456333708336556299002010509",
"253469166076466244446832111115209555727",
"182036658303458784836268480042462580047",
"218320515746971521700226644506959161736",
"272952071428908573270852977565157984209",
"181016910947637764763218169640611194952",
"273380605229875475428384305603856142200",
"114971263428302500716471336914889511087",
"144781528112960410633232219630045914880",
"311547794829507154797798105130664621522",
"268641294747210014560210522190490199217",
"317981009700903747681693562362939170010",
"101074105668651886925031903693958050549",
"227549828410242283571507259013674696431",
"92171476983046034473508777387204472186",
"12763286704196164196343094264233620534",
"200806644394640138503339500525170221309",
"32625162314108480704634234920676634934",
"184662883825155476992007005380019492923",
"13280244902624737141961171778473712386",
"52077521139314316449450639575453405897"
]
},
"id": "CVE-2018-20805-882ddcc3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"file": "src/third_party/wiredtiger/src/support/stat.c"
}
},
{
"digest": {
"length": 4074.0,
"function_hash": "164628860902413535535089802091840066954"
},
"id": "CVE-2018-20805-92c2cebf",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"function": "__wt_stat_dsrc_clear_single",
"file": "src/third_party/wiredtiger/src/support/stat.c"
}
},
{
"digest": {
"length": 29034.0,
"function_hash": "169655389386899334592075928263299095205"
},
"id": "CVE-2018-20805-99814bf1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"function": "__wt_stat_connection_aggregate",
"file": "src/third_party/wiredtiger/src/support/stat.c"
}
},
{
"digest": {
"length": 1234.0,
"function_hash": "230363928364872727957585874309956762366"
},
"id": "CVE-2018-20805-9cac66ca",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"function": "__log_slot_dump",
"file": "src/third_party/wiredtiger/src/log/log_slot.c"
}
},
{
"digest": {
"length": 770.0,
"function_hash": "123671036462273885677597844952782584895"
},
"id": "CVE-2018-20805-bd010809",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"function": "__wt_cursor_cache",
"file": "src/third_party/wiredtiger/src/cursor/cur_std.c"
}
},
{
"digest": {
"length": 11515.0,
"function_hash": "140158640288493587695333629309308036133"
},
"id": "CVE-2018-20805-bee43371",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"function": "__wt_stat_dsrc_aggregate",
"file": "src/third_party/wiredtiger/src/support/stat.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"137569438138247484122488558246333320880",
"294655493801497690656477890166813985818",
"239794746536024472162891155759743635477",
"11360657316413880637392458830968630215",
"258149309966438445797794550535009540555",
"5579228574528584538401798376578964675",
"89133893718854045876988043151221497677",
"22639749550338338339159898790325757128",
"255044852094173568654419811905643725368",
"163120220115450579035596428793734085328",
"75708173992812929023981000288547963370",
"6195363569172261072296342376948571496",
"99862235881450509144534884897490120780",
"39314567551938640596495386246389361785",
"216797200844727713879191180704184230675",
"259259268529726623273381451729683357088",
"233949113722438034883047698720877084955",
"284637320762250193841253818780586801584",
"182788410007520445562919930139698407525",
"330417301855093281275638000115088792011",
"273134218349227852169061357687381198331",
"176944417879417661133161611681258033769",
"199087238031655894414313871457820138915",
"283642539333914772164818773575509710909",
"95475136156641370329995084497740325117"
]
},
"id": "CVE-2018-20805-c0dfea7b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"file": "src/third_party/wiredtiger/src/cursor/cur_file.c"
}
},
{
"digest": {
"length": 747.0,
"function_hash": "119700167055252103191988305154655618280"
},
"id": "CVE-2018-20805-f911a5da",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"function": "__curfile_reopen",
"file": "src/third_party/wiredtiger/src/cursor/cur_file.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"193064998048464110675347051781342817885",
"3505509121191584595953515451762528858",
"39138093608039170862994163124301209352",
"6386604898393722370953980190330493050",
"225970546378840670750676828290525932462",
"21782460691193895082573133909240985651"
]
},
"id": "CVE-2018-20805-fddf09be",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8",
"target": {
"file": "src/third_party/wiredtiger/src/log/log.c"
}
}
]
vanir_signatures_modified
"2026-04-11T14:54:25Z"