CVE-2018-25004
- Source
- https://cve.org/CVERecord?id=CVE-2018-25004
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25004.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-25004
- Downstream
- Published
- 2021-03-01T17:15:11.717Z
- Modified
- 2026-02-19T01:26:09.178225Z
- Severity
-
- 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.
- References
Affected packages
Git / github.com/mongodb/mongo
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25004.json"
vanir_signatures
[
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"107026958753888591626285380526524767503",
"425188104482425114133041518921502005",
"200293157088281233183868713167327696701"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-25004-12cd724a",
"source": "https://github.com/mongodb/mongo/commit/a84b725360af75d224a438342eacd86fff766977",
"target": {
"file": "src/mongo/db/storage/storage_engine.h"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"237400362462509855521162240267304109465",
"138213187957212041136849490992355571099"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-25004-17e88651",
"source": "https://github.com/mongodb/mongo/commit/a84b725360af75d224a438342eacd86fff766977",
"target": {
"file": "src/mongo/db/storage/mmap_v1/mmap_v1_engine.cpp"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"226024944268767317299638328152001249014",
"225596942319183511968604323818619636071",
"101760830462710526203453409900503048897",
"191941181826745637165232019134593179285",
"68252621913311619341177479002243004273",
"174437520639873899519290139705804671915",
"61055323364578552744704108335497372317",
"237438732847533542343134694486987628102",
"274104118113257046085259541724676668416",
"122773121167668092454980923107688186490",
"72318800808640428558398403991634685141",
"301020178940968282454734089418840292142",
"136092392826119781598159308056609910210",
"64139016904165078734585221548867647177"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-25004-1dd9c7c0",
"source": "https://github.com/mongodb/mongo/commit/0ad257cefc51bc671b9ef9c96dbf962d9cdc2c3f",
"target": {
"file": "src/mongo/db/stats/server_write_concern_metrics.cpp"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"235413754023574383370842415946851084940",
"260505119933357191388500948273655759399",
"322701749833323904761057697662528070040",
"216930241610469721049400052414291219972",
"1360340426114286184952287306641807300",
"38218289655246187299104389765776690711",
"13082854181731894422788718833029279326",
"97791367758067305430590331993176505330",
"184464996809283997782625118529146360578",
"127154889283381648497712853072682192484",
"293234805873401286699227710657717042004",
"221315977249009282408638618976897778210",
"85081731067616245806983882650873928529",
"316816052792944076988885462262295553000",
"140795969639090682580104128481245347001",
"337921668248572409261025329091236731088",
"322662849246620244129893357995968654720",
"139129089983664537254021115339071973024"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-25004-1f2241c6",
"source": "https://github.com/mongodb/mongo/commit/0ad257cefc51bc671b9ef9c96dbf962d9cdc2c3f",
"target": {
"file": "src/mongo/db/stats/server_write_concern_metrics.h"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"264847377511905547030906657090864239207",
"274916272222682279642606153787195231907",
"141514494756903655265486727551076284484"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-25004-57f32c62",
"source": "https://github.com/mongodb/mongo/commit/a84b725360af75d224a438342eacd86fff766977",
"target": {
"file": "src/mongo/db/storage/kv/kv_catalog.h"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 449.0,
"function_hash": "155826345458008991578055499578794847183"
},
"signature_type": "Function",
"id": "CVE-2018-25004-7f7224d5",
"source": "https://github.com/mongodb/mongo/commit/0ad257cefc51bc671b9ef9c96dbf962d9cdc2c3f",
"target": {
"function": "ServerWriteConcernMetrics::toBSON",
"file": "src/mongo/db/stats/server_write_concern_metrics.cpp"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"300936800917703023746834276620759662992",
"239119108550206730231505535828095648227",
"33683255436234021163432609056324419366"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-25004-845ba2c7",
"source": "https://github.com/mongodb/mongo/commit/a84b725360af75d224a438342eacd86fff766977",
"target": {
"file": "src/mongo/db/storage/mmap_v1/mmap_v1_engine.h"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"309478038334604828554488508337060744398",
"213353090999761815903164213102747039166",
"55186039614674523529953708777227427648"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-25004-9502273f",
"source": "https://github.com/mongodb/mongo/commit/a84b725360af75d224a438342eacd86fff766977",
"target": {
"file": "src/mongo/db/storage/kv/kv_catalog.cpp"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"296100516078241894187237052193767752394",
"22218318703697547448834853146627914408",
"91718185933153454862305360398616321363",
"282800985864526163205727656150985139192",
"23530905397657686113378254583042863476",
"215016091989884169880998989335967588106",
"307112610138656896659992725495051951302"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-25004-9565ae87",
"source": "https://github.com/mongodb/mongo/commit/a84b725360af75d224a438342eacd86fff766977",
"target": {
"file": "src/mongo/db/catalog/database_impl.cpp"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 2030.0,
"function_hash": "79169683298947678334156781747357834059"
},
"signature_type": "Function",
"id": "CVE-2018-25004-99a64b78",
"source": "https://github.com/mongodb/mongo/commit/a84b725360af75d224a438342eacd86fff766977",
"target": {
"function": "DatabaseImpl::getStats",
"file": "src/mongo/db/catalog/database_impl.cpp"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"62192170197662705213386964591830706379",
"64594161552665662205761170122048146262",
"288565358463360719379917427491290830079"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-25004-c1b9d8d5",
"source": "https://github.com/mongodb/mongo/commit/a84b725360af75d224a438342eacd86fff766977",
"target": {
"file": "src/mongo/db/storage/kv/kv_storage_engine.h"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"302624993183062204048278633001442083999",
"176324108564214046684063447497008855585",
"234588084196982445363764813792965220599"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-25004-dba9a26f",
"source": "https://github.com/mongodb/mongo/commit/a84b725360af75d224a438342eacd86fff766977",
"target": {
"file": "src/mongo/db/storage/kv/kv_storage_engine.cpp"
}
}
]