MongoDB Server Sharded Query Crash Vulnerability

A vulnerability exists in MongoDB Server in the sharding component, specifically in versions 6.0 prior to 6.0.x, 7.0 prior to 7.0.18, and 8.0 prior to 8.0.6. The issue arises from an improper handling of the logical session identifier (lsid) field in sharded queries, which can lead to a crash in MongoDB routers. This problem occurs when a generic argument is introduced inappropriately, causing the server to crash instead of logging the incident as a programmer error.

Impact

Exploitation of this vulnerability causes a server crash, disrupting database operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by sending a sharded query that includes an invalid lsid value in the $mergeCursors stage. This can be done manually or automated with a tool that diagnoses slow queries. The incorrect lsid value triggers an invariant check that, if violated, causes the server to crash.

Remediation

Users can upgrade to MongoDB Server versions 8.0.6, 7.0.18, or 6.0.24 to address this vulnerability.