MongoDB Server Unique Index Violation Vulnerability Leading to Server Crash

Vulnerability

A vulnerability exists in MongoDB Server in which an upsert operation that is retried within a transaction may bypass a unique index constraint. This can trigger an invariant failure and crash the server during the commit process. The root cause is improper management of WriteUnitOfWork state. Affected versions are MongoDB Server v6.0 prior to 6.0.25, v7.0 prior to 7.0.22, and v8.0 prior to 8.0.12.

Impact

Exploitation of this vulnerability can cause a server crash.

Reproduction

To reproduce the issue, perform an upsert within a transaction that violates a unique index constraint. When the operation fails with a duplicate key error and is retried, the retried upsert may succeed, leaving the unique constraint violated. This issue has been observed in MongoDB Server v6.0, v7.0, and v8.0.

Remediation

Users can upgrade to MongoDB Server v6.0.25, v7.0.22, or v8.0.12 to address this vulnerability.
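To help operators decide whether a deployment needs the upgrade above, the following added helper (not part of this advisory or of MongoDB's own tooling) maps a reported server version onto the affected and fixed ranges the advisory lists. It assumes a plain X.Y.Z version string, optionally with a pre-release suffix such as -rc0, and treats release lines the advisory does not mention, as well as pre-release builds, as undetermined rather than safe; the buildInfo field name is from MongoDB's documented command output, and the sample document is constructed.

```python
import re
from typing import Optional, Tuple

# First fixed release of each affected line, exactly as the advisory states them.
FIXED_VERSIONS = {
    (6, 0): (6, 0, 25),
    (7, 0): (7, 0, 22),
    (8, 0): (8, 0, 12),
}

# X.Y.Z with an optional pre-release/build suffix such as "-rc0" (assumed format).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?$")


def parse_version(version: str) -> Tuple[int, int, int, Optional[str]]:
    """Split 'X.Y.Z[-suffix]' into (major, minor, patch, suffix)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised MongoDB version string: {version!r}")
    major, minor, patch, suffix = m.groups()
    return int(major), int(minor), int(patch), suffix


def is_affected(version: str) -> Optional[bool]:
    """Return True if the version falls in an affected range, False if it is at
    or past the fixed release, and None when the advisory makes no statement:
    a release line it does not list, or a pre-release build whose status it
    does not specify."""
    major, minor, patch, suffix = parse_version(version)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None or suffix is not None:
        return None
    return (major, minor, patch) < fixed


def check_build_info(build_info: dict) -> Optional[bool]:
    """Evaluate the 'version' field of a buildInfo command result
    (e.g. db.command("buildInfo") in pymongo; the document passed in here is constructed)."""
    return is_affected(build_info["version"])


if __name__ == "__main__":
    # Constructed sample; a real check would read db.command("buildInfo") from the server.
    sample_build_info = {"version": "7.0.21", "gitVersion": "<constructed>"}
    for v in ("6.0.24", "6.0.25", "8.0.12", "8.1.0"):
        print(v, is_affected(v))
    print("buildInfo sample:", check_build_info(sample_build_info))
```

A None result means the advisory gives no verdict for that build, so it should be escalated for manual review rather than treated as patched.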

Added: Sep 5, 2025, 9:18 PM
Updated: Sep 5, 2025, 9:18 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 4.8
remediation: 7.7
relevance: 0.4
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.