{"id":"CVE-2018-20802","details":"A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3.","modified":"2026-04-11T14:54:38.509546Z","published":"2020-11-23T16:15:12.120Z","references":[{"type":"REPORT","url":"https://jira.mongodb.org/browse/SERVER-36993"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"a57d8e71e6998a2d0afde7edc11bd23e5661c915"},{"fixed":"167861a164723168adfaaa866f310cb94010428f"},{"introduced":"3b07af3d4f471ae89e8186d33bbb1d5259597d51"},{"fixed":"7ea530946fa7880364d88c8d8b6026bbc9ffa48c"}],"database_specific":{"versions":[{"introduced":"3.6.0"},{"fixed":"3.6.9"},{"introduced":"4.0.0"},{"fixed":"4.0.3"}]}}],"versions":["r3.6.0","r3.6.1","r3.6.1-rc0","r3.6.1-rc1","r3.6.2","r3.6.2-rc0","r3.6.3","r3.6.3-rc0","r3.6.3-rc1","r3.6.4","r3.6.4-rc0","r3.6.5","r3.6.5-rc0","r3.6.6","r3.6.6-rc0","r3.6.7","r3.6.7-rc0","r3.6.7-rc1","r3.6.8","r3.6.8-rc0","r3.6.8-rc1","r4.0.0","r4.0.1","r4.0.1-rc0","r4.0.1-rc1","r4.0.2","r4.0.2-rc0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20802.json","vanir_signatures":[{"id":"CVE-2018-20802-048fb2b3","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c","target":{"file":"src/mongo/db/repl/replication_recovery_test.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["313446879818095410549742822477905822829","282870862950363214246411750454954328734","294334512224513972931248295170221526976","93602022440285144979986968220896615164","36690151616370698260816183537897350476","33877167853361079852385229118382323532","104874782494145507705853178173800527620","234469486348785019535551898313791110086","227280831871719900765309564990018109031","97331998981638393328950191267644429461","105213501979508411667800843639613061225","72477226828925743011045734088798315441","23180511404580733604044236786278836462","38996329226103267125449185421356145173"]},"deprecated":false},{"id":"CVE-2018-20802-0ebe672c","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c","target":{"file":"src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.h"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["57053469562765530538421095959528302305","308863134277448346832112696598885717917","314000922387501484303832966588167499477"]},"deprecated":false},{"id":"CVE-2018-20802-2be79574","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c","target":{"file":"src/mongo/db/storage/kv/kv_storage_engine.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["114958715280641625478558997091928955634","198517063958222516324561371006482591723","30470134166326113963697296184345016951"]},"deprecated":false},{"id":"CVE-2018-20802-356c4692","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c","target":{"file":"src/mongo/db/repl/replication_recovery.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["126195380089357335310084634872602264946","291350936695414427380874964889192603028","228083991116097395737738167260556894998","198891087664033816782776625800949360889","116008536621725400232272767617896706823","314873937378818208661382748520387010126","232748504441782272383757589197615248967","179797110769653246890346370682658913000","158415252570338232312411892931710798697","165345232231063747604900581771873769793","277603465263970786508072690983871402952","251133964263348402290622004016210340189"]},"deprecated":false},{"id":"CVE-2018-20802-40049d7c","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c","target":{"file":"src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["23615715673467145886265356966412371722","227018998405425783217450144987641542117","265676054059120429706876870539933226906","312422531616240817306415076941701659458","104419622755676485079575449858422381491","77669656043742448187906917635457450200","189121210181490567055512862559595151412"]},"deprecated":false},{"id":"CVE-2018-20802-455c2785","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c","target":{"file":"src/mongo/db/storage/kv/kv_engine.h"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["212322542570402831828052095309618578080","235894781281872003049141148664671875226","86410329997371051974841711098223795809"]},"deprecated":false},{"id":"CVE-2018-20802-59ab1252","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/167861a164723168adfaaa866f310cb94010428f","target":{"function":"createIndexForApplyOps","file":"src/mongo/db/repl/oplog.cpp"},"signature_type":"Function","digest":{"length":1356,"function_hash":"248744719927377893179542294276197431095"},"deprecated":false},{"id":"CVE-2018-20802-6bc995d3","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c","target":{"file":"src/mongo/db/storage/storage_engine.h"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["252631145485045519327140613112340291214","288882601050772958251603713387727511430","138071066354954863559201869492735970402"]},"deprecated":false},{"id":"CVE-2018-20802-70ff4d95","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c","target":{"file":"src/mongo/db/repl/storage_interface.h"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["216350819584092613269098601671493690959","60700441453415833913107622688243179739","221374221540179666732107324184549160687"]},"deprecated":false},{"id":"CVE-2018-20802-93b8ece4","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c","target":{"file":"src/mongo/db/repl/storage_interface_mock.h"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["194736701249373352183045026028223502863","34337023444406203762338426253698835079","236312598722435214827396252700685616256"]},"deprecated":false},{"id":"CVE-2018-20802-9740ada6","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c","target":{"file":"src/mongo/db/storage/kv/kv_storage_engine.h"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["15618042779469195721392852961678446108","37073995922809124480431105634737392939","314000922387501484303832966588167499477"]},"deprecated":false},{"id":"CVE-2018-20802-98a9a303","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/167861a164723168adfaaa866f310cb94010428f","target":{"file":"src/mongo/db/repl/oplog.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["317485157123397283678206512037362298544","335021905254271353022346518063768179884","289009187200384307947674979125277529901","67837251507347999603836319921374723557"]},"deprecated":false},{"id":"CVE-2018-20802-cc4b4179","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c","target":{"file":"src/mongo/db/repl/rollback_test_fixture.h"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["269969958042460021228010843379052548748","191425238966134752679877458512691841407","302516754631172831699027615913721841897"]},"deprecated":false},{"id":"CVE-2018-20802-e268f928","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c","target":{"file":"src/mongo/db/repl/storage_interface_impl.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["242856711995075133741375483605927962192","72424934763284995138328377361935588924","312342776149757044392292041775534135326"]},"deprecated":false},{"id":"CVE-2018-20802-f06e32e3","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c","target":{"function":"WiredTigerKVEngine::getRecoveryTimestamp","file":"src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.cpp"},"signature_type":"Function","digest":{"length":156,"function_hash":"46946736025183096060079861336435427206"},"deprecated":false},{"id":"CVE-2018-20802-f5951a92","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/7ea530946fa7880364d88c8d8b6026bbc9ffa48c","target":{"file":"src/mongo/db/repl/storage_interface_impl.h"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["46359545697875725864841250854537988971","264007873784961335532656892970523592692","103486660731728129832828031593961073968"]},"deprecated":false}],"vanir_signatures_modified":"2026-04-11T14:54:38Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}