Name: mongodb
Version: 4.4.30
Type: library
Description: mongodb
Licenses: SSPL-1 & Apache-2.0 & Zlib
PURL: -
CPE: cpe:2.3:*:*:mongodb:4.4.30:*:*:*:*:*:*:*
Patches

| # | Title | Author | Resolve |
|---|-------|--------|---------|
| 1 | moduleconfig.py: python 3.12 compatibility | Awais B <awais.b@rufilla.com> | |
| 2 | IntelRDFPMathLib20U1: Check for __DEFINED_wchar_t | Vincent Prince <vincent.prince.fr@gmail.com> | |
| 3 | asio: Dont use experimental with clang | Vincent Prince <vincent.prince.fr@gmail.com> | |
| 4 | apply msvc workaround for clang >= 16 | Khem Raj <raj.khem@gmail.com> | |
| 5 | Patch #5 | Unknown | |
| 6 | stacktrace: Define ARCH_BITS for ppc64 | Khem Raj <raj.khem@gmail.com> | |
| 7 | Tell scons to use build settings from environment | Vincent Prince <vincent.prince.fr@gmail.com> | |
| 8 | wiredtiger: Avoid using off64_t | Khem Raj <raj.khem@gmail.com> | |
| 9 | Fix build on 32bit | Martin Jansa <martin.jansa@gmail.com> | |
| 10 | The std lib unary/binary_function base classes are | jzmaddock <john@johnmaddock.co.uk> | |
| 11 | include needed c++ header | Khem Raj <raj.khem@gmail.com> | |
| 12 | Use long long instead of int64_t | Khem Raj <raj.khem@gmail.com> | |
| 13 | Support deprecated resolver functions | Khem Raj <raj.khem@gmail.com> | |
| 14 | Fix compilation with -fno-common. | Yichao Yu <yyc1992@gmail.com> | |
| 15 | Use __GLIBC__ to control use of gnu_get_libc_version | Vincent Prince <vincent.prince.fr@gmail.com> | |
| 16 | Fix type mismatch on 32bit arches | Khem Raj <raj.khem@gmail.com> | |
| 17 | Fix default stack size to 256K | Khem Raj <raj.khem@gmail.com> | |
| 18 | Add a definition for the macro __ELF_NATIVE_CLASS | Khem Raj <raj.khem@gmail.com> | |
| 19 | Mark one of strerror_r implementation glibc specific | Khem Raj <raj.khem@gmail.com> | |
| 20 | Patch #20 | Khem Raj <raj.khem@gmail.com> | |
| 21 | stacktrace: Define ARCH_BITS for x86 | Khem Raj <raj.khem@gmail.com> | |
| 22 | wiredtiger: Disable strtouq on musl | Khem Raj <raj.khem@gmail.com> | |
| 23 | server: Adjust the cache alignment assumptions | Khem Raj <raj.khem@gmail.com> | |
| 24 | ssl_manager.cpp: fix build with gcc 7 and -fpermissive | Fabrice Fontaine <fontaine.fabrice@gmail.com> | |
| 25 | add explict static_cast<size_t> to maxMemoryUsageBytes | Khem Raj <raj.khem@gmail.com> | |
| 26 | Add alises for arm64 which is same as aarch64 | Vincent Prince <vincent.prince.fr@gmail.com> | |
Vulnerabilities

| Name | Analysis | Description |
|------|----------|-------------|
| | Exploitable | The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command. |
| | Exploitable | A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript (for example, via $where or $function) can cause the server to access memory that has already been freed. This may result in disclosure of information from the mongod process memory or a denial of service through a server crash. |
| | False Positive | User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container. |
| | False Positive | The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text. |
| | False Positive | MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. |