CVE-2019-2392
- Source
- https://cve.org/CVERecord?id=CVE-2019-2392
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-2392.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-2392
- Downstream
- Published
- 2020-11-23T16:15:12.963Z
- Modified
- 2026-02-05T03:14:13.759615Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.
- References
Affected packages
Git / github.com/mongodb/mongo
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mongodb/mongo
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
Affected versions
r3.*
r3.6.0
r3.6.1
r3.6.1-rc0
r3.6.1-rc1
r3.6.10
r3.6.10-rc0
r3.6.10-rc1
r3.6.11
r3.6.11-rc0
r3.6.11-rc1
r3.6.11-rc2
r3.6.12
r3.6.12-rc0
r3.6.12-rc1
r3.6.13
r3.6.13-rc0
r3.6.13-rc1
r3.6.14
r3.6.14-rc0
r3.6.15
r3.6.15-rc0
r3.6.15-rc1
r3.6.16
r3.6.16-rc0
r3.6.17
r3.6.17-rc0
r3.6.18
r3.6.18-rc0
r3.6.19
r3.6.19-rc0
r3.6.2
r3.6.2-rc0
r3.6.20-rc0
r3.6.20-rc1
r3.6.3
r3.6.3-rc0
r3.6.3-rc1
r3.6.4
r3.6.4-rc0
r3.6.5
r3.6.5-rc0
r3.6.6
r3.6.6-rc0
r3.6.7
r3.6.7-rc0
r3.6.7-rc1
r3.6.8
r3.6.8-rc0
r3.6.8-rc1
r3.6.9
r3.6.9-rc0
r4.*
r4.0.0
r4.0.1
r4.0.1-rc0
r4.0.1-rc1
r4.0.10
r4.0.10-rc0
r4.0.10-rc1
r4.0.11
r4.0.11-rc0
r4.0.12
r4.0.12-rc0
r4.0.12-rc1
r4.0.12-rc2
r4.0.13
r4.0.13-rc0
r4.0.14
r4.0.14-rc0
r4.0.14-rc1
r4.0.15
r4.0.15-rc0
r4.0.16
r4.0.16-rc0
r4.0.17
r4.0.17-rc0
r4.0.18
r4.0.18-rc0
r4.0.19
r4.0.19-rc0
r4.0.2
r4.0.2-rc0
r4.0.3
r4.0.3-rc0
r4.0.4
r4.0.4-rc0
r4.0.4-rc1
r4.0.4-rc2
r4.0.5
r4.0.5-rc0
r4.0.5-rc1
r4.0.6
r4.0.6-rc0
r4.0.6-rc1
r4.0.7
r4.0.7-rc0
r4.0.7-rc1
r4.0.8
r4.0.8-rc0
r4.0.9
r4.0.9-rc0
r4.2.0
r4.2.1
r4.2.1-rc0
r4.2.2
r4.2.2-rc0
r4.2.2-rc1
r4.2.3
r4.2.3-rc0
r4.2.3-rc1
r4.2.4
r4.2.4-rc0
r4.2.5
r4.2.5-rc0
r4.2.5-rc1
r4.2.6
r4.2.6-rc0
r4.2.7
r4.2.7-rc0
r4.2.7-rc1
r4.2.8
r4.2.8-rc0
r4.4.0
r4.4.1-rc0
r4.4.1-rc1
r4.4.1-rc2
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-2392.json"
vanir_signatures
[
{
"id": "CVE-2019-2392-2d37e6c3",
"signature_type": "Function",
"digest": {
"function_hash": "151262211054760185720127152001316281250",
"length": 5307.0
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/ad91a93a5a31e175f5cbf8c69561e788bbc55ce1",
"target": {
"function": "__wt_txn_recover",
"file": "src/third_party/wiredtiger/src/txn/txn_recover.c"
},
"deprecated": false
},
{
"id": "CVE-2019-2392-6ed27bda",
"signature_type": "Function",
"digest": {
"function_hash": "222802404687574253373945116552049107396",
"length": 595.0
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/ad91a93a5a31e175f5cbf8c69561e788bbc55ce1",
"target": {
"function": "__recovery_file_scan",
"file": "src/third_party/wiredtiger/src/txn/txn_recover.c"
},
"deprecated": false
},
{
"id": "CVE-2019-2392-98d23718",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"277395883631913544235843059429904341778",
"190131020086289323787365361718434822041",
"156593639150803104870368656550091158247",
"254599983326529039473066318940603712053",
"246215242810397006687658517823238030194",
"30585347245087757459584332338861806407",
"161438447538539267520882034343628408421",
"313471203792529671136136365005831013652",
"123414515668546916026728107986940604788",
"154943114112322522419481562731002026669",
"36833237464877143329818463633626119100",
"89153525433556070057976587890049189048"
]
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/ad91a93a5a31e175f5cbf8c69561e788bbc55ce1",
"target": {
"file": "src/third_party/wiredtiger/src/txn/txn_recover.c"
},
"deprecated": false
}
]