{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T19:57:52.851","vulnerabilities":[{"cve":{"id":"CVE-2021-32040","sourceIdentifier":"cna@mongodb.com","published":"2022-04-12T15:15:07.707","lastModified":"2024-11-21T06:06:45.747","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB Server v4.4 versions prior to and including 4.4.28, MongoDB Server v5.0 versions prior to 5.0.4 and MongoDB Server v4.2 versions prior to 4.2.16.\n\nWorkaround: >= v4.2.16 users and all v4.4 users can add the --setParameter internalPipelineLengthLimit=50 instead of the default 1000 to mongod at startup to prevent a crash."},{"lang":"es","value":"Puede ser posible tener una tubería de agregación extremadamente larga en conjunto con una etapa/operador específico y causar un desbordamiento de pila debido al tamaño de los marcos de pila usados por esa etapa. Si un atacante pudiera causar tal agregación, podría colapsar MongoDB de forma maliciosa en un ataque DoS. Esta vulnerabilidad afecta a MongoDB versiones anteriores a 5.0.4, 4.4.11 y 4.2.16"}],"metrics":{"cvssMetricV31":[{"source":"cna@mongodb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@mongodb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.2.16","matchCriteriaId":"E9E9B009-9C50-4181-BF09-5A62CC2A69F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.11","matchCriteriaId":"63C08E83-4BD2-413A-BEC3-8CC895A66A1C"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.4","matchCriteriaId":"F8601A2F-3061-47D5-8E27-5FEC58D25637"}]}]}],"references":[{"url":"https://jira.mongodb.org/browse/SERVER-58203","source":"cna@mongodb.com","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://jira.mongodb.org/browse/SERVER-59299","source":"cna@mongodb.com","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://jira.mongodb.org/browse/SERVER-60218","source":"cna@mongodb.com","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20220609-0005/","source":"cna@mongodb.com","tags":["Third Party Advisory"]},{"url":"https://jira.mongodb.org/browse/SERVER-58203","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://jira.mongodb.org/browse/SERVER-59299","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://jira.mongodb.org/browse/SERVER-60218","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20220609-0005/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}