{"id":"CVE-2017-15535","details":"MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.","modified":"2026-04-11T04:47:50.513201Z","published":"2017-11-01T01:29:00.637Z","related":["openSUSE-SU-2017:3018-1","openSUSE-SU-2017:3022-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/101689"},{"type":"REPORT","url":"https://jira.mongodb.org/browse/SERVER-31273"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"f4240c60f005be757399042dc12f6addbc3170c1"},{"fixed":"078f28920cb24de0dd479b5ea6c66c644f6326e9"}],"database_specific":{"versions":[{"introduced":"3.4.0"},{"fixed":"3.4.10"}]}}],"versions":["r3.4.0","r3.4.1","r3.4.1-rc0","r3.4.2","r3.4.2-rc0","r3.4.3","r3.4.3-rc0","r3.4.3-rc1","r3.4.3-rc2","r3.4.4","r3.4.4-rc0","r3.4.5","r3.4.5-rc0","r3.4.5-rc1","r3.4.5-rc2","r3.4.5-rc3","r3.4.5-rc4","r3.4.6","r3.4.6-rc0","r3.4.7","r3.4.7-rc0","r3.4.8","r3.4.8-rc0","r3.4.8-rc1","r3.4.9","r3.4.9-rc0"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_version":"v1","digest":{"length":255,"function_hash":"107862109570281846631268496074686454621"},"source":"https://github.com/mongodb/mongo/commit/078f28920cb24de0dd479b5ea6c66c644f6326e9","signature_type":"Function","id":"CVE-2017-15535-9e00c8ee","target":{"file":"src/mongo/db/s/balancer/balancer.cpp","function":"Balancer::joinCurrentRound"}},{"deprecated":false,"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["76182740352182398932286121564362122272","80758732517255109637672591035350889934","320453793041035552778181125348421822372","69713015027358994602529446185115499919","138846925006658120967765831098123604771"]},"source":"https://github.com/mongodb/mongo/commit/078f28920cb24de0dd479b5ea6c66c644f6326e9","signature_type":"Line","id":"CVE-2017-15535-df23af3c","target":{"file":"src/mongo/db/s/balancer/balancer.cpp"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15535.json","vanir_signatures_modified":"2026-04-11T04:47:50Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}]}