CVE-2021-20326
- Source
- https://cve.org/CVERecord?id=CVE-2021-20326
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20326.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-20326
- Aliases
- Downstream
- Published
- 2021-04-30T09:15:07.597Z
- Modified
- 2026-03-14T01:32:39.003130Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.4.
- References
Affected packages
Git / github.com/mongodb/mongo
Affected versions
r4.*
r4.4.0
r4.4.1
r4.4.1-rc0
r4.4.1-rc1
r4.4.1-rc2
r4.4.1-rc3
r4.4.2
r4.4.2-rc0
r4.4.2-rc1
r4.4.3
r4.4.3-rc0
r4.4.4-rc0
Database specific
vanir_signatures
[
{
"target": {
"function": "__hs_insert_record_with_btree",
"file": "src/third_party/wiredtiger/src/history/hs_rec.c"
},
"id": "CVE-2021-20326-0d34cbd9",
"digest": {
"function_hash": "312061597696311919524554252975438333598",
"length": 2550.0
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "src/third_party/wiredtiger/src/history/hs_rec.c"
},
"id": "CVE-2021-20326-28a41848",
"digest": {
"line_hashes": [
"315479470304875803857279499481317415466",
"115074007093651304057338670897229816033",
"81088078571566113974872011295039569048",
"163719630010476410224163807323392389088",
"151800375046913805578439133327232677991",
"147916589248574302075107535560730340171",
"117346314762798772300369996480860128668",
"96667862175953330669788198818703733214",
"31861688250327554457184359058275827300",
"322830309178507761502830321026933930569",
"141514632105719770332976982430238634969",
"227245241326210015826541510000313217588"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"function": "__wt_delete_page",
"file": "src/third_party/wiredtiger/src/btree/bt_delete.c"
},
"id": "CVE-2021-20326-39b74638",
"digest": {
"function_hash": "179664096202965806853237996690119030007",
"length": 1502.0
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "src/third_party/wiredtiger/src/txn/txn_rollback_to_stable.c"
},
"id": "CVE-2021-20326-3ab1f0f5",
"digest": {
"line_hashes": [
"138970544057262200959444881653869741331",
"187909513624452395666510805886000342116",
"332915061079976617828957091818520465939",
"152337207688994054221674645750335058860",
"96070241661075151565895959079318498045",
"136593963202842362832181053530154964404",
"200371952454749138464246355702219114882"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"function": "__wt_logop_row_modify_print",
"file": "src/third_party/wiredtiger/src/log/log_auto.c"
},
"id": "CVE-2021-20326-3db80e8c",
"digest": {
"function_hash": "101530883577087616889885689055293599236",
"length": 1166.0
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "src/third_party/wiredtiger/src/btree/bt_delete.c"
},
"id": "CVE-2021-20326-507a76f0",
"digest": {
"line_hashes": [
"24701463899445119827634489398996051742",
"304094680702975722410480205488238885384",
"194589117532435740034042506883303217557",
"192910071358891002320103969641725374327",
"131231060101700894783456763197249110800",
"55898006032207701712329766289012282337",
"88294623296414776839881340541889064009"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"function": "usage",
"file": "src/third_party/wiredtiger/src/utilities/util_printlog.c"
},
"id": "CVE-2021-20326-51ba2427",
"digest": {
"function_hash": "28142851885348203688437986540437414371",
"length": 469.0
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "__wt_logop_col_modify_print",
"file": "src/third_party/wiredtiger/src/log/log_auto.c"
},
"id": "CVE-2021-20326-531aac2d",
"digest": {
"function_hash": "56219681019010975424565528599037219726",
"length": 923.0
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "__wt_logop_row_remove_print",
"file": "src/third_party/wiredtiger/src/log/log_auto.c"
},
"id": "CVE-2021-20326-5749222a",
"digest": {
"function_hash": "238188101377323415387870023876212643368",
"length": 807.0
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "src/third_party/wiredtiger/src/utilities/util_printlog.c"
},
"id": "CVE-2021-20326-580f0383",
"digest": {
"line_hashes": [
"51971341632719725737893090286192753137",
"11520671335684621015650242251536858852",
"83857547804234728949268135854806866204",
"40576386018691709425745653383202193802",
"152763773098029596863076040410468020719",
"308140493507203013767260796725830931551",
"319029925925606118610921645766422401766",
"1005737235791412550886571674514390153",
"156629878222971654597889431989402402283",
"119411159309351880102934923009092888920",
"171054357696884931772977634256658143372",
"19315419680561823141429251794247504827",
"44142400384351817767854722906780066576",
"249752665197158575962675877038147372652"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"file": "src/third_party/wiredtiger/src/config/config_api.c"
},
"id": "CVE-2021-20326-5f171963",
"digest": {
"line_hashes": [
"338961330669086847569163064217984323797",
"37230695511955632588858540104277548322",
"149058545345931702623309619666345246873",
"181149687476419183920514207551575935818",
"43735254131414233589030253864269446137",
"231672750229703181633426065576577677379",
"181582851262814534399121161527292356731",
"159191508916512466407433085099881791904",
"168828278532957198323434763750795496424",
"219264686165503751261747051350786471626",
"217574972431283616883367743644089331533",
"91354351096526020193950339048393117736",
"275051895190075552734790724932506436527"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"file": "src/third_party/wiredtiger/src/include/extern.h"
},
"id": "CVE-2021-20326-63bb6d10",
"digest": {
"line_hashes": [
"329874848549799215422459541824778853943",
"64705157096717960345550978859321982091",
"285516975718910065569156021717849204592",
"58394280656653656988619719564536133376"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"function": "__wt_hs_insert_updates",
"file": "src/third_party/wiredtiger/src/history/hs_rec.c"
},
"id": "CVE-2021-20326-76dd31b6",
"digest": {
"function_hash": "53639146817845271418803214831383828695",
"length": 7765.0
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "__rollback_row_ondisk_fixup_key",
"file": "src/third_party/wiredtiger/src/txn/txn_rollback_to_stable.c"
},
"id": "CVE-2021-20326-992e5b91",
"digest": {
"function_hash": "149345552815072196531220084377621911604",
"length": 5620.0
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "__wt_logop_col_put_print",
"file": "src/third_party/wiredtiger/src/log/log_auto.c"
},
"id": "CVE-2021-20326-a7140650",
"digest": {
"function_hash": "282296241344152955822297129780911726963",
"length": 920.0
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "__wt_logop_row_truncate_print",
"file": "src/third_party/wiredtiger/src/log/log_auto.c"
},
"id": "CVE-2021-20326-ab2d70d1",
"digest": {
"function_hash": "146572380778874493214812414164713111845",
"length": 1281.0
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "src/third_party/wiredtiger/src/log/log_auto.c"
},
"id": "CVE-2021-20326-b70c2b1e",
"digest": {
"line_hashes": [
"55121239041693819156264571982404821608",
"42453745950279708792487054518915031661",
"221007301096082015572548815235842988346",
"13217189362746076158305379304149021605",
"293963183254329886748648429600032059834",
"52822790134166849039392184999748202090",
"47407725776359873868446945817128141067",
"212470347247612693129785925304845668987",
"223474116787789627375571040617029073075",
"313979417912792571152439701423326932270",
"280747335690823798848435572364198692013",
"209273229228154474464049478342547698527",
"219764935157860454431738320767344552561",
"244816100132780759669298532239032651340",
"287638392801360326812437002699760212759",
"43524769104093773916289913860049663888",
"120493722251707293091806791679323363986",
"217522873036491193486761051157747143730",
"122054461482838984810251528878480736469",
"94020698291820007080170047201826728342",
"293962867560020629876433521066529969604",
"32739148659113728538038310671173116820",
"143148080412295302342836222299401685223",
"305098912015752803424000346339264886567"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"file": "src/third_party/wiredtiger/test/cppsuite/test_harness/test_harness.h"
},
"id": "CVE-2021-20326-ba8d8245",
"digest": {
"line_hashes": [
"260345024583571938408566966712790441199",
"268201060900024256826012938120618365693",
"18413994154114136159217769986650778448",
"159220887626108065644950460999585929260",
"145954510333986809221845935215986013123",
"299370189277963037667062669899220468926",
"197105242318780641455721496330041190803",
"165375073332500804077084710538952111906",
"252500965442863385091305899784262600703",
"65414597209922801780128992333687744253"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"function": "wiredtiger_config_validate",
"file": "src/third_party/wiredtiger/src/config/config_api.c"
},
"id": "CVE-2021-20326-c7d71b50",
"digest": {
"function_hash": "283311536349146192604530693923165497871",
"length": 1227.0
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "__wt_logop_row_put_print",
"file": "src/third_party/wiredtiger/src/log/log_auto.c"
},
"id": "CVE-2021-20326-dc6b0114",
"digest": {
"function_hash": "230459644819469586504559701340320387094",
"length": 1163.0
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "__wt_logop_col_remove_print",
"file": "src/third_party/wiredtiger/src/log/log_auto.c"
},
"id": "CVE-2021-20326-e51e8769",
"digest": {
"function_hash": "15800523768992280293873983681930800411",
"length": 488.0
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "util_printlog",
"file": "src/third_party/wiredtiger/src/utilities/util_printlog.c"
},
"id": "CVE-2021-20326-e5b8b5f3",
"digest": {
"function_hash": "43788586738306872749374027165996980599",
"length": 1135.0
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "__wt_logop_col_truncate_print",
"file": "src/third_party/wiredtiger/src/log/log_auto.c"
},
"id": "CVE-2021-20326-eee02efd",
"digest": {
"function_hash": "293521159960001001042466863762559145387",
"length": 601.0
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "src/third_party/wiredtiger/test/cppsuite/tests/poc.cxx"
},
"id": "CVE-2021-20326-f289176e",
"digest": {
"line_hashes": [
"58372366763407597517269123703409793784",
"65343895210296720673664115797318862875",
"325362668191010663391817634610596532532",
"327308742225859197985611881567609579741",
"262167224407373225018623729032506910242",
"301456180702826207607879616238970106820",
"246098507825277471751197830155025231227",
"69362860152038969198732459414236739428",
"49935024467511465160302405904417106849",
"180342068568822164840753593556734322723",
"279746165308449814521565396170516275584",
"167742978894937753683078770115408265553"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"function": "main",
"file": "src/third_party/wiredtiger/test/cppsuite/tests/poc.cxx"
},
"id": "CVE-2021-20326-fb686049",
"digest": {
"function_hash": "86303072903330300563159924547894214493",
"length": 86.0
},
"source": "https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20326.json"