CVE-2018-25004
- Source
- https://cve.org/CVERecord?id=CVE-2018-25004
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25004.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-25004
- Downstream
- Published
- 2021-03-01T17:15:11.717Z
- Modified
- 2026-03-14T09:29:53.511470Z
- Severity
-
- 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.
- References
Affected packages
Git / github.com/mongodb/mongo
Affected versions
r3.*
r3.6.0
r3.6.1
r3.6.1-rc0
r3.6.1-rc1
r3.6.10
r3.6.10-rc0
r3.6.10-rc1
r3.6.11-rc0
r3.6.11-rc1
r3.6.2
r3.6.2-rc0
r3.6.3
r3.6.3-rc0
r3.6.3-rc1
r3.6.4
r3.6.4-rc0
r3.6.5
r3.6.5-rc0
r3.6.6
r3.6.6-rc0
r3.6.7
r3.6.7-rc0
r3.6.7-rc1
r3.6.8
r3.6.8-rc0
r3.6.8-rc1
r3.6.9
r3.6.9-rc0
r4.*
r4.0.0
r4.0.1
r4.0.1-rc0
r4.0.1-rc1
r4.0.2
r4.0.2-rc0
r4.0.3
r4.0.3-rc0
r4.0.4
r4.0.4-rc0
r4.0.4-rc1
r4.0.4-rc2
r4.0.5
r4.0.5-rc0
r4.0.5-rc1
r4.0.6-rc0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25004.json"
vanir_signatures
[
{
"signature_version": "v1",
"target": {
"file": "src/mongo/db/storage/kv/kv_storage_engine.h"
},
"source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
"deprecated": false,
"digest": {
"line_hashes": [
"62192170197662705213386964591830706379",
"64594161552665662205761170122048146262",
"288565358463360719379917427491290830079"
],
"threshold": 0.9
},
"id": "CVE-2018-25004-028b3a8d",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/mongo/db/storage/mmap_v1/mmap_v1_engine.h"
},
"source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
"deprecated": false,
"digest": {
"line_hashes": [
"300936800917703023746834276620759662992",
"239119108550206730231505535828095648227",
"33683255436234021163432609056324419366"
],
"threshold": 0.9
},
"id": "CVE-2018-25004-048ae8aa",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/mongo/db/catalog/database_impl.cpp",
"function": "DatabaseImpl::getStats"
},
"source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
"deprecated": false,
"digest": {
"function_hash": "79169683298947678334156781747357834059",
"length": 2030.0
},
"id": "CVE-2018-25004-59c1da35",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/mongo/db/stats/server_write_concern_metrics.cpp",
"function": "ServerWriteConcernMetrics::toBSON"
},
"source": "https://github.com/mongodb/mongo/commit/caa42a1f75a56c7643d0b68d3880444375ec42e3",
"deprecated": false,
"digest": {
"function_hash": "155826345458008991578055499578794847183",
"length": 449.0
},
"id": "CVE-2018-25004-6c918805",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/mongo/db/storage/storage_engine.h"
},
"source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
"deprecated": false,
"digest": {
"line_hashes": [
"107026958753888591626285380526524767503",
"425188104482425114133041518921502005",
"200293157088281233183868713167327696701"
],
"threshold": 0.9
},
"id": "CVE-2018-25004-73db9587",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/mongo/db/stats/server_write_concern_metrics.cpp"
},
"source": "https://github.com/mongodb/mongo/commit/caa42a1f75a56c7643d0b68d3880444375ec42e3",
"deprecated": false,
"digest": {
"line_hashes": [
"226024944268767317299638328152001249014",
"225596942319183511968604323818619636071",
"101760830462710526203453409900503048897",
"191941181826745637165232019134593179285",
"68252621913311619341177479002243004273",
"174437520639873899519290139705804671915",
"61055323364578552744704108335497372317",
"237438732847533542343134694486987628102",
"274104118113257046085259541724676668416",
"122773121167668092454980923107688186490",
"72318800808640428558398403991634685141",
"301020178940968282454734089418840292142",
"136092392826119781598159308056609910210",
"64139016904165078734585221548867647177"
],
"threshold": 0.9
},
"id": "CVE-2018-25004-9742f484",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/mongo/db/stats/server_write_concern_metrics.h"
},
"source": "https://github.com/mongodb/mongo/commit/caa42a1f75a56c7643d0b68d3880444375ec42e3",
"deprecated": false,
"digest": {
"line_hashes": [
"235413754023574383370842415946851084940",
"260505119933357191388500948273655759399",
"322701749833323904761057697662528070040",
"216930241610469721049400052414291219972",
"1360340426114286184952287306641807300",
"38218289655246187299104389765776690711",
"13082854181731894422788718833029279326",
"97791367758067305430590331993176505330",
"184464996809283997782625118529146360578",
"127154889283381648497712853072682192484",
"293234805873401286699227710657717042004",
"221315977249009282408638618976897778210",
"85081731067616245806983882650873928529",
"316816052792944076988885462262295553000",
"140795969639090682580104128481245347001",
"337921668248572409261025329091236731088",
"322662849246620244129893357995968654720",
"139129089983664537254021115339071973024"
],
"threshold": 0.9
},
"id": "CVE-2018-25004-b0b4d100",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/mongo/db/storage/mmap_v1/mmap_v1_engine.cpp"
},
"source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
"deprecated": false,
"digest": {
"line_hashes": [
"237400362462509855521162240267304109465",
"138213187957212041136849490992355571099"
],
"threshold": 0.9
},
"id": "CVE-2018-25004-b26dfc41",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/mongo/db/storage/kv/kv_catalog.cpp"
},
"source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
"deprecated": false,
"digest": {
"line_hashes": [
"309478038334604828554488508337060744398",
"213353090999761815903164213102747039166",
"55186039614674523529953708777227427648"
],
"threshold": 0.9
},
"id": "CVE-2018-25004-b351fa51",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/mongo/db/storage/kv/kv_storage_engine.cpp"
},
"source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
"deprecated": false,
"digest": {
"line_hashes": [
"302624993183062204048278633001442083999",
"176324108564214046684063447497008855585",
"234588084196982445363764813792965220599"
],
"threshold": 0.9
},
"id": "CVE-2018-25004-d2863616",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/mongo/db/storage/kv/kv_catalog.h"
},
"source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
"deprecated": false,
"digest": {
"line_hashes": [
"264847377511905547030906657090864239207",
"274916272222682279642606153787195231907",
"141514494756903655265486727551076284484"
],
"threshold": 0.9
},
"id": "CVE-2018-25004-daf39296",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/mongo/db/catalog/database_impl.cpp"
},
"source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
"deprecated": false,
"digest": {
"line_hashes": [
"296100516078241894187237052193767752394",
"22218318703697547448834853146627914408",
"91718185933153454862305360398616321363",
"282800985864526163205727656150985139192",
"23530905397657686113378254583042863476",
"215016091989884169880998989335967588106",
"307112610138656896659992725495051951302"
],
"threshold": 0.9
},
"id": "CVE-2018-25004-e09d6516",
"signature_type": "Line"
}
]