CVE-2018-25004

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-25004

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25004.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-25004

Downstream

UBUNTU-CVE-2018-25004

Published

2021-03-01T17:15:11.717Z

Modified

2025-11-20T10:50:48.661736Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.

References

https://jira.mongodb.org/browse/SERVER-38275

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type: GIT
Repo: https://github.com/mongodb/mongo
Events: Introduced

a57d8e71e6998a2d0afde7edc11bd23e5661c915

Fixed

b4339db12bf57ffee5b84a95c6919dbd35fe31c9

Affected versions

r3.*

r3.6.0

r3.6.1

r3.6.1-rc0

r3.6.1-rc1

r3.6.10

r3.6.10-rc0

r3.6.10-rc1

r3.6.11-rc0

r3.6.11-rc1

r3.6.2

r3.6.2-rc0

r3.6.3

r3.6.3-rc0

r3.6.3-rc1

r3.6.4

r3.6.4-rc0

r3.6.5

r3.6.5-rc0

r3.6.6

r3.6.6-rc0

r3.6.7

r3.6.7-rc0

r3.6.7-rc1

r3.6.8

r3.6.8-rc0

r3.6.8-rc1

r3.6.9

r3.6.9-rc0

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "62192170197662705213386964591830706379",
                "64594161552665662205761170122048146262",
                "288565358463360719379917427491290830079"
            ]
        },
        "target": {
            "file": "src/mongo/db/storage/kv/kv_storage_engine.h"
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
        "id": "CVE-2018-25004-028b3a8d",
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "300936800917703023746834276620759662992",
                "239119108550206730231505535828095648227",
                "33683255436234021163432609056324419366"
            ]
        },
        "target": {
            "file": "src/mongo/db/storage/mmap_v1/mmap_v1_engine.h"
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
        "id": "CVE-2018-25004-048ae8aa",
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "digest": {
            "function_hash": "79169683298947678334156781747357834059",
            "length": 2030.0
        },
        "target": {
            "file": "src/mongo/db/catalog/database_impl.cpp",
            "function": "DatabaseImpl::getStats"
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
        "id": "CVE-2018-25004-59c1da35",
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "107026958753888591626285380526524767503",
                "425188104482425114133041518921502005",
                "200293157088281233183868713167327696701"
            ]
        },
        "target": {
            "file": "src/mongo/db/storage/storage_engine.h"
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
        "id": "CVE-2018-25004-73db9587",
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "237400362462509855521162240267304109465",
                "138213187957212041136849490992355571099"
            ]
        },
        "target": {
            "file": "src/mongo/db/storage/mmap_v1/mmap_v1_engine.cpp"
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
        "id": "CVE-2018-25004-b26dfc41",
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "309478038334604828554488508337060744398",
                "213353090999761815903164213102747039166",
                "55186039614674523529953708777227427648"
            ]
        },
        "target": {
            "file": "src/mongo/db/storage/kv/kv_catalog.cpp"
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
        "id": "CVE-2018-25004-b351fa51",
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "302624993183062204048278633001442083999",
                "176324108564214046684063447497008855585",
                "234588084196982445363764813792965220599"
            ]
        },
        "target": {
            "file": "src/mongo/db/storage/kv/kv_storage_engine.cpp"
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
        "id": "CVE-2018-25004-d2863616",
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "264847377511905547030906657090864239207",
                "274916272222682279642606153787195231907",
                "141514494756903655265486727551076284484"
            ]
        },
        "target": {
            "file": "src/mongo/db/storage/kv/kv_catalog.h"
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
        "id": "CVE-2018-25004-daf39296",
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "296100516078241894187237052193767752394",
                "22218318703697547448834853146627914408",
                "91718185933153454862305360398616321363",
                "282800985864526163205727656150985139192",
                "23530905397657686113378254583042863476",
                "215016091989884169880998989335967588106",
                "307112610138656896659992725495051951302"
            ]
        },
        "target": {
            "file": "src/mongo/db/catalog/database_impl.cpp"
        },
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9",
        "id": "CVE-2018-25004-e09d6516",
        "signature_type": "Line",
        "signature_version": "v1"
    }
]