CVE-2019-2389
- Source
- https://cve.org/CVERecord?id=CVE-2019-2389
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-2389.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-2389
- Published
- 2019-08-30T15:15:10.987Z
- Modified
- 2026-04-11T09:40:07.370513Z
- Severity
-
- 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22.
- References
Affected packages
Git / github.com/mongodb/mongo
Affected versions
r3.*
r3.4.0
r3.4.1
r3.4.1-rc0
r3.4.10
r3.4.10-rc0
r3.4.11
r3.4.11-rc0
r3.4.12
r3.4.12-rc0
r3.4.13
r3.4.14
r3.4.14-rc0
r3.4.15
r3.4.15-rc0
r3.4.16
r3.4.16-rc0
r3.4.17
r3.4.17-rc0
r3.4.18
r3.4.18-rc0
r3.4.19
r3.4.19-rc0
r3.4.2
r3.4.2-rc0
r3.4.20
r3.4.20-rc0
r3.4.21
r3.4.21-rc0
r3.4.3
r3.4.3-rc0
r3.4.3-rc1
r3.4.3-rc2
r3.4.4
r3.4.4-rc0
r3.4.5
r3.4.5-rc0
r3.4.5-rc1
r3.4.5-rc2
r3.4.5-rc3
r3.4.5-rc4
r3.4.6
r3.4.6-rc0
r3.4.7
r3.4.7-rc0
r3.4.8
r3.4.8-rc0
r3.4.8-rc1
r3.4.9
r3.4.9-rc0
r3.6.0
r3.6.1
r3.6.1-rc0
r3.6.1-rc1
r3.6.10
r3.6.10-rc0
r3.6.10-rc1
r3.6.11
r3.6.11-rc0
r3.6.11-rc1
r3.6.11-rc2
r3.6.12
r3.6.12-rc0
r3.6.12-rc1
r3.6.13
r3.6.13-rc0
r3.6.13-rc1
r3.6.2
r3.6.2-rc0
r3.6.3
r3.6.3-rc0
r3.6.3-rc1
r3.6.4
r3.6.4-rc0
r3.6.5
r3.6.5-rc0
r3.6.6
r3.6.6-rc0
r3.6.7
r3.6.7-rc0
r3.6.7-rc1
r3.6.8
r3.6.8-rc0
r3.6.8-rc1
r3.6.9
r3.6.9-rc0
r4.*
r4.0.0
r4.0.1
r4.0.1-rc0
r4.0.1-rc1
r4.0.10
r4.0.10-rc0
r4.0.10-rc1
r4.0.2
r4.0.2-rc0
r4.0.3
r4.0.3-rc0
r4.0.4
r4.0.4-rc0
r4.0.4-rc1
r4.0.4-rc2
r4.0.5
r4.0.5-rc0
r4.0.5-rc1
r4.0.6
r4.0.6-rc0
r4.0.6-rc1
r4.0.7
r4.0.7-rc0
r4.0.7-rc1
r4.0.8
r4.0.8-rc0
r4.0.9
r4.0.9-rc0
Database specific
vanir_signatures_modified
"2026-04-11T09:40:07Z"
vanir_signatures
[
{
"id": "CVE-2019-2389-1004a8a5",
"signature_version": "v1",
"digest": {
"function_hash": "61937275010239874520346460970434129605",
"length": 185.0
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"function": "PrefixedWiredTigerHarnessHelper",
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_prefixed_record_store_test.cpp"
},
"signature_type": "Function"
},
{
"id": "CVE-2019-2389-165fe0ca",
"signature_version": "v1",
"digest": {
"line_hashes": [
"26924533998250295673333829225315630128",
"294899704879593401439585358118034280990",
"26357773772601915398355273809563082302",
"36369067754841074126793706567586669838",
"225550587569448489494364761297828183055",
"184916337596216413079806980835012912337",
"16005808298556303105539870910980885256",
"326038935544088786231599736129175357720"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.cpp"
},
"signature_type": "Line"
},
{
"id": "CVE-2019-2389-179f8cf0",
"signature_version": "v1",
"digest": {
"function_hash": "325171484802284865273453348753238264298",
"length": 344.0
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"function": "WiredTigerMaxCacheOverflowSizeGBParameter::set",
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_parameters.cpp"
},
"signature_type": "Function"
},
{
"id": "CVE-2019-2389-36cf247e",
"signature_version": "v1",
"digest": {
"function_hash": "309332410048955961199855927604179246637",
"length": 227.0
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"function": "WiredTigerMaxCacheOverflowSizeGBParameter::setFromString",
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_parameters.cpp"
},
"signature_type": "Function"
},
{
"id": "CVE-2019-2389-3701e914",
"signature_version": "v1",
"digest": {
"line_hashes": [
"119176211318513759457844762229488862186",
"167630980375341147577685041171477178061",
"266221775816474542517747749908203203554",
"252740435069336828427599965994332911777",
"34170612815814906186014929515622184303",
"154909303271626918978999181290938289801",
"102675205115642847258618782620220392118",
"325729426310994268381941079181615944420",
"100465731876937299083359946438274196783",
"300473430996537526249928299169702568700"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_parameters.h"
},
"signature_type": "Line"
},
{
"id": "CVE-2019-2389-381ecc81",
"signature_version": "v1",
"digest": {
"function_hash": "310243720815985714085396491279593335487",
"length": 2737.0
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"function": "WiredTigerGlobalOptions::add",
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_global_options.cpp"
},
"signature_type": "Function"
},
{
"id": "CVE-2019-2389-3c2aba45",
"signature_version": "v1",
"digest": {
"line_hashes": [
"30969995706530208292417370433137582735",
"105624916076702668899293221139826753110",
"56377987737233038861690160489650955041",
"73725080892737409834804641603694074220",
"150348727581228710305049518861175884150",
"39392279374615221727101818932570257051",
"201296950247145913443590097656513358759",
"82782133590990389918334036292114069028",
"157729681886114202603114720506163836684",
"160551174030878405624478857064229772352",
"331158377951408687509433662341905408405",
"51128529274861169141063678668910027975",
"121428755211155561856683898612553980150",
"226295630971602917343392581547637419580",
"129993985236784239072741057800362497048",
"304788163467689446172424281842012883496",
"246122163920337456879294485748529833599",
"285879399499901161531209722608203762736",
"222354329717803450231735411731079875691",
"247835820645485198377467740988288328882",
"252566574113722857285232769128018684754",
"240776436868747816146082863967914811841",
"226341577968340403871572689970775288834",
"10681113961972605544187250185057543165",
"257432588444015083152414373172770725006",
"326345361037183589399368457819263151508",
"66433296482673760471420999115173452239",
"211403969985756980011869524380187725542",
"274920676961907635885142645811966643878",
"251279263110983465188537294025094558157",
"319133431755246212904104648430357583259",
"161707480851793673885886921342234773239",
"99301979971449527530495239030045619190",
"335528643977694596701889744457068632387",
"230487826986028092490761374767423268535",
"314891936430974586483051678623577449306",
"297297958185920560167079216389589866762",
"114965207342299961214228737732958698401",
"55207135636688483190530320739297226244",
"21528257321318194216502391937275486727",
"115665172727257208757293414161595975045",
"13382026041774216538777351346393308196",
"287288054846634883781542376193159825704",
"265442971244778847045764979711049865644",
"232373189888151771506092928520156279815",
"133757880430566243919717566544950500686",
"202353487195555505160461277194390641235",
"132554045127168992527609549912891510684",
"61686435888145368272611071041676773952",
"24633966662715656627286301798489406347",
"160394265571953931634857685371973915636",
"209282261313109613235284970878587356604",
"247100560728459991276497940144023503380",
"248244637521409413944083034815527995570",
"57807352491155151291238543027247327372"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_parameters.cpp"
},
"signature_type": "Line"
},
{
"id": "CVE-2019-2389-43431342",
"signature_version": "v1",
"digest": {
"function_hash": "32490590650425592794225243327840925787",
"length": 258.0
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"function": "WiredTigerMaxCacheOverflowSizeGBParameter::WiredTigerMaxCacheOverflowSizeGBParameter",
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_parameters.cpp"
},
"signature_type": "Function"
},
{
"id": "CVE-2019-2389-69670a67",
"signature_version": "v1",
"digest": {
"line_hashes": [
"335512549459391923139916337036348929547",
"26924533998250295673333829225315630128",
"294899704879593401439585358118034280990",
"26357773772601915398355273809563082302",
"36369067754841074126793706567586669838"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.h"
},
"signature_type": "Line"
},
{
"id": "CVE-2019-2389-6fe25f99",
"signature_version": "v1",
"digest": {
"line_hashes": [
"138959281141294517281112006986386172524",
"58597587078759479769995464041558602345",
"154358495532815636517084075138668999113",
"102943481187578979618909960532568834843",
"165785192819830749444746111706803194483",
"18973782206086067397971193736271721203",
"3617982624798390393119596822693088149",
"270090421094939727893079222112675877089",
"28568461906609888853187260752884227883",
"80291531406500729640250683561383541915",
"6105029301158106519064548271867776658",
"223760593813976214606526022960553803428",
"321469164760366099906806400015892163753",
"175910447252115462066765619638094160235",
"135201260266502720881778557412003622294",
"9268272434792024952683112093726320735",
"102943481187578979618909960532568834843",
"165785192819830749444746111706803194483",
"18973782206086067397971193736271721203",
"3617982624798390393119596822693088149",
"270090421094939727893079222112675877089",
"28568461906609888853187260752884227883",
"80291531406500729640250683561383541915",
"3840225334900641061231296018747073664",
"156901327248016343810471341227556685451",
"97841995662293048910335699460096735473"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine_test.cpp"
},
"signature_type": "Line"
},
{
"id": "CVE-2019-2389-7452db60",
"signature_version": "v1",
"digest": {
"line_hashes": [
"18973782206086067397971193736271721203",
"3617982624798390393119596822693088149",
"270090421094939727893079222112675877089",
"28568461906609888853187260752884227883"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_prefixed_record_store_test.cpp"
},
"signature_type": "Line"
},
{
"id": "CVE-2019-2389-7952c05c",
"signature_version": "v1",
"digest": {
"line_hashes": [
"38079101604146539534475791259808892208",
"156414038250564622134750294707557772105",
"209586999999009640223531670584778675334",
"268342650047195845365776823454810479703",
"258852578411061926793537845349034731394",
"277736225196093030394296124676928018591",
"139444987617341794487780126264823500682",
"97217929470521567532498788635832656472",
"121760658055090446392678317161090746511",
"183867666675416423631459167770340332507",
"114574059631507776817150089223951885534",
"62416750766851205629200977621708402734"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_global_options.h"
},
"signature_type": "Line"
},
{
"id": "CVE-2019-2389-8264ec95",
"signature_version": "v1",
"digest": {
"function_hash": "249220919466888254283357919104976399644",
"length": 151.0
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"function": "WiredTigerMaxCacheOverflowSizeGBParameter::append",
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_parameters.cpp"
},
"signature_type": "Function"
},
{
"id": "CVE-2019-2389-928609e9",
"signature_version": "v1",
"digest": {
"function_hash": "92208364558702838890526700109616659378",
"length": 268.0
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"function": "WiredTigerGlobalOptions::validateMaxCacheOverflowFileSizeGB",
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_global_options.cpp"
},
"signature_type": "Function"
},
{
"id": "CVE-2019-2389-96fa9cdc",
"signature_version": "v1",
"digest": {
"function_hash": "242134494251850389799080679595484001934",
"length": 3508.0
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"function": "_readOnly",
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.cpp"
},
"signature_type": "Function"
},
{
"id": "CVE-2019-2389-9e071f18",
"signature_version": "v1",
"digest": {
"line_hashes": [
"30888742784525923677032317438933729509",
"25405049016967465495261459088961942664",
"108430275857439391778589646845731983939",
"307672897278097863661314783820597410391",
"219733424293973400719052234968305455515",
"34977716437213413511171953821010319491",
"165074186159423819645958630099807510565",
"270090421094939727893079222112675877089",
"28568461906609888853187260752884227883"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_standard_record_store_test.cpp"
},
"signature_type": "Line"
},
{
"id": "CVE-2019-2389-b187b8f3",
"signature_version": "v1",
"digest": {
"function_hash": "35307776376996613208368469558635971073",
"length": 895.0
},
"source": "https://github.com/mongodb/mongo/commit/417d1a712e9f040d54beca8e4943edce218e9a8c",
"deprecated": false,
"target": {
"function": "DocumentSourceShardCheckResumability::_assertOplogHasEnoughHistory",
"file": "src/mongo/db/pipeline/document_source_check_resume_token.cpp"
},
"signature_type": "Function"
},
{
"id": "CVE-2019-2389-b778bd51",
"signature_version": "v1",
"digest": {
"function_hash": "274544291887184650944379800949513136762",
"length": 180.0
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"function": "WiredTigerHarnessHelper",
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_standard_record_store_test.cpp"
},
"signature_type": "Function"
},
{
"id": "CVE-2019-2389-ba670f3c",
"signature_version": "v1",
"digest": {
"line_hashes": [
"91055314593907758271581520916453233680",
"69400580127759428293100331030847686907",
"256253163489559536001890817179531253844",
"137484809639274624976462202084884865646",
"233354996002248994450811375019147216323",
"258560203673605396740210605139344302807",
"54712246082298648203107621335577855907",
"307800904484997096095719776127038579942",
"159379588331433999658642045305663683912",
"211727524224697119923606680857150769270",
"299483806370551535968508365956098446113",
"184933021766032046548868111426018119394",
"132494938563420263558657496031317238214",
"130893228505174576518198507217545198033",
"36732628835641092091783593094588260647",
"302031127111674900801362298521290365369",
"325480683017264320592302757544935470973",
"310328171411664039637669939519276160911",
"289145486250788516172093096461273047190",
"247628585208552138283206163555744516226",
"275239051466826275838393063692162946911",
"116376548743812900160537143042703123333",
"164486772153034520323226745742441309616",
"231968355649365043963983912752363832370",
"28691374122779552764930573739778662067",
"313700992358019747518429419886219112495",
"6925097916025524535816698214533196704",
"138443932340902702553947339465643158830",
"123693749380266184400512628193717955217",
"201296950247145913443590097656513358759",
"240540075116756743683504300481548049571",
"219805016373895661448378403625159538458",
"261259081224229000059884329424767238589"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_global_options.cpp"
},
"signature_type": "Line"
},
{
"id": "CVE-2019-2389-c600da6e",
"signature_version": "v1",
"digest": {
"function_hash": "143366803366694879392082889439580295691",
"length": 150.0
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"function": "WiredTigerHarnessHelper",
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_standard_record_store_test.cpp"
},
"signature_type": "Function"
},
{
"id": "CVE-2019-2389-cc93de27",
"signature_version": "v1",
"digest": {
"line_hashes": [
"167518918914435676432805940120156966027",
"42577576105718594824592868041131127864",
"107829062590286512630322418334734066893",
"186644252817815549788452966273155634714",
"291439647942718436018620155882826246988",
"281090238329328453523002326089518094339",
"65631583751481164351762673206004578000",
"163486395883504952904815116704679049829"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/417d1a712e9f040d54beca8e4943edce218e9a8c",
"deprecated": false,
"target": {
"file": "src/mongo/db/pipeline/document_source_check_resume_token.cpp"
},
"signature_type": "Line"
},
{
"id": "CVE-2019-2389-e84c3412",
"signature_version": "v1",
"digest": {
"function_hash": "138037723103739348523518582486217007310",
"length": 841.0
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"function": "applyMaxCacheOverflowSizeGBParameter",
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_parameters.cpp"
},
"signature_type": "Function"
},
{
"id": "CVE-2019-2389-f0fcb07e",
"signature_version": "v1",
"digest": {
"line_hashes": [
"310146580520897529091603236058383986180",
"26476647247392739107244283062333938336",
"217180637706954189957457456304674143214",
"279510519548242700659241329706964909462",
"253231997010576437043582193026841235754",
"296696087895443701251287168509298372741",
"304780267454053032676945273545924287518",
"211752499210942888831639801962537288876",
"259814991867545950990499811176724444412",
"63707461790820426546467420079989263614",
"39333271144929399137406733847507298179",
"283002936117167343425544759961897720372",
"242882990221318487199694784758875632881",
"85487768097559104067683138212628255793",
"200924419717922695762157848011487157106",
"221379262514070593589592254769107946975",
"78510497639385470143827694551492761088"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/cbef87692475857c7ee6e764c8f5104b39c342a1",
"deprecated": false,
"target": {
"file": "src/mongo/db/storage/wiredtiger/wiredtiger_init.cpp"
},
"signature_type": "Line"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-2389.json"