{"id":"CVE-2018-20805","details":"A user authorized to perform database queries may trigger a denial of service by issuing specially crafted queries that perform an $elemMatch. This issue affects MongoDB Server v4.0 versions prior to 4.0.5 and MongoDB Server v3.6 versions prior to 3.6.10.","modified":"2026-04-11T14:54:25.985260Z","published":"2020-11-23T16:15:12.277Z","references":[{"type":"REPORT","url":"https://jira.mongodb.org/browse/SERVER-38164"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"a57d8e71e6998a2d0afde7edc11bd23e5661c915"},{"fixed":"3e3ab85bfb98875af3bc6e74eeb945b0719f69c8"},{"introduced":"3b07af3d4f471ae89e8186d33bbb1d5259597d51"},{"fixed":"3739429dd92b92d1b0ab120911a23d50bf03c412"}],"database_specific":{"versions":[{"introduced":"3.6.0"},{"fixed":"3.6.10"},{"introduced":"4.0.0"},{"fixed":"4.0.5"}]}}],"versions":["r3.6.0","r3.6.1","r3.6.1-rc0","r3.6.1-rc1","r3.6.10-rc0","r3.6.2","r3.6.2-rc0","r3.6.3","r3.6.3-rc0","r3.6.3-rc1","r3.6.4","r3.6.4-rc0","r3.6.5","r3.6.5-rc0","r3.6.6","r3.6.6-rc0","r3.6.7","r3.6.7-rc0","r3.6.7-rc1","r3.6.8","r3.6.8-rc0","r3.6.8-rc1","r3.6.9","r3.6.9-rc0","r4.0.0","r4.0.1","r4.0.1-rc0","r4.0.1-rc1","r4.0.2","r4.0.2-rc0","r4.0.3","r4.0.3-rc0","r4.0.4","r4.0.4-rc0","r4.0.4-rc1","r4.0.4-rc2","r4.0.5-rc0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T14:54:25Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20805.json","vanir_signatures":[{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2018-20805-00ad1beb","digest":{"function_hash":"70372240380922628760326670226579035471","length":10760},"target":{"function":"__wt_stat_connection_clear_single","file":"src/third_party/wiredtiger/src/support/stat.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","sign
ature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2018-20805-112db0c7","digest":{"function_hash":"116303075167808404713476577459180491594","length":565},"target":{"function":"__wt_conn_stat_init","file":"src/third_party/wiredtiger/src/conn/conn_stat.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2018-20805-2095d278","digest":{"threshold":0.9,"line_hashes":["169335859291290880787888402643336581803","8966155815881763564081387202351646850","11549646353021700653115771920712972050","213637165361766935405472563945379812301"]},"target":{"file":"src/third_party/wiredtiger/src/conn/conn_stat.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2018-20805-385ddaba","digest":{"function_hash":"10483730543343367379176517755836701","length":1173},"target":{"function":"__log_slot_new","file":"src/third_party/wiredtiger/src/log/log_slot.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2018-20805-46f02f5f","digest":{"threshold":0.9,"line_hashes":["299154149137317641524980259235989504179","6485293982832598350049786724751663829","175667786161106215985330033301951241432","102472640899208778473662070603105652107","39416856059639760034577964014597425487","141732492912055390547163383727358264603","214745367906299203713000538172784998148","222314072682608406762714314665336243844","281329370337288140546517363865183831828","105299717003767352971086823733299560632","235765931992244848794551201800037338411","134423168945225529572165951866729443097","101459192282277470554361265596913014150","108271399278678604758160128718015820799","302598737224006752718159527638274520956","178157215377083446
150152408150915452438"]},"target":{"file":"src/third_party/wiredtiger/src/session/session_dhandle.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2018-20805-5efd5ac8","digest":{"threshold":0.9,"line_hashes":["293657354602891190644127733142993679448","332231538110893760754492089513143834398","153765000267118890410477118741750695611","212355520220031039882189833240229835511","282105298484281921693222911013721132946","216980693497015241929762837046998318055","172103519663288381463739941731210285466","303196420296820058960443707187317466624","112114299709296963816429227689445833483","183307439172854311093230982372198524981","20760956556236375807912864294053810201","45206842910698137638899432477148304844","148141531550732887831576148385569482261","211952392919959769810824231630918188809","213266248247150292501064865352831299406","296246716847814320787221399070407291993","138385933303599142224353594715629438872","250647321557925984673128663598374563047","268947247711037803777526292918077605706","263222880687410718891100482535472045911","317130951971251988061137979708231516734","323299899966348000647617129636514436735","227996078923885134645843719791100754102","339493193401646085207254071764439506049","280825382842476479454936634063375310813","311856211566223488698630097542588815988","323965558011946691354461712190582614116","149489972314272506028721924182948604596","84792027629280470734143295561798331122","161035744610092121439180606071007255314","286882017648840124049583772313667772865","48061594423606151021150642622047405546"]},"target":{"file":"src/third_party/wiredtiger/src/log/log_slot.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2018-20805-669c71e8","digest":{"function_hash":"11110401922006732028487399551448
7590897","length":9935},"target":{"function":"__wt_stat_dsrc_aggregate_single","file":"src/third_party/wiredtiger/src/support/stat.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2018-20805-6b4ecebe","digest":{"function_hash":"106818388829403725660988102667085050142","length":462},"target":{"function":"__wt_cursor_close","file":"src/third_party/wiredtiger/src/cursor/cur_std.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2018-20805-77821340","digest":{"function_hash":"178316326630450686783959518023652934662","length":599},"target":{"function":"__wt_cursor_reopen","file":"src/third_party/wiredtiger/src/cursor/cur_std.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2018-20805-7de679aa","digest":{"function_hash":"3330707023805804852751768019413407224","length":1766},"target":{"function":"__wt_session_lock_dhandle","file":"src/third_party/wiredtiger/src/session/session_dhandle.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2018-20805-812123da","digest":{"threshold":0.9,"line_hashes":["142430655993350679253337466542949063064","309058849363581020564202319776153961631","104647045798291085469055100852418283463","103489440219800293402714186036098036013","181036931965022156170667304337421538410","179789166367284307536836470321855219742","245872508582810438474005285393441738117","117378118364911307300736628438255471809","141616708407608016140064277988449682470","54825818120097813754784170570730601814","73969659732693646105552345765599749432","2760745548848345170
27552141496432773228","314959068164129397894341201229433239417","215970421743533129776408321528275887590","32117589587659653260905441767130007534","116638065429609181626199279255364420383","152393218406744674183001067624501651355","169678286914642246443033029340179480503","151958114381369943077347144995119161683","259325434017494001909792328176008262958","79482168614725752986259064970495376072"]},"target":{"file":"src/third_party/wiredtiger/src/cursor/cur_std.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2018-20805-83fa24e0","digest":{"threshold":0.9,"line_hashes":["10653146368028546102204546113809489469","280456405854447205043522617908030719061","329606334425423231083889406573763696535","121289865667725315542468114828169229866","35573594232204400771022908967466833937","180862677446904011689003166997194913527","121203700985993422471306025620045226801","259974049418208785521720078592792710313","297040523565197355590294078865346642194","270958439245863987713905201413619625221","131649578550974462410754922352143675709","125436350881541689648663383970854866922","336147110994811025039091824365971320818","112554593644927076118841831011631021654","209277141916380164711781608621112679964","304940031684668637158744591333039599902","21030869651469431439485754268402649807","251629602869053027258077764560891637519","177914915221945487007080392035310054580","222308861271762817292662209525845611933","249142422000006779369542011046106827830","252046185045761118312089269683704737983","322365860288441950256369189203811624382","226623992795889172543616076344403632433","106747612315734214844111448348929221684","163198915440598009122785996596527089607","244188294821927138508492041197624632531","132628143166904491216901072832465549714","23110857511548344741441357785346560735","329186212120546768378152837821139792962","57272252492985486558653105983747004936","
21421703816321421723293832508459447832","141001920879560309953236577232551616294"]},"target":{"file":"src/third_party/wiredtiger/src/include/stat.h"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2018-20805-84009523","digest":{"function_hash":"232651179743495525465976146067653563737","length":2265},"target":{"function":"__wt_cursor_init","file":"src/third_party/wiredtiger/src/cursor/cur_std.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2018-20805-84eac527","digest":{"function_hash":"78257227693353592090217532299653015168","length":1912},"target":{"function":"__log_newfile","file":"src/third_party/wiredtiger/src/log/log.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2018-20805-882ddcc3","digest":{"threshold":0.9,"line_hashes":["156705058028798541716652165729532972633","79010655929507780104157261713183803959","107124721230738374670343120709075220727","301110292381612217112308483751925136069","216382612644284793574825125519123044421","329266488898166771309612163899690938303","308193438449956093690907840429005335962","46046655409898234856995249319375221203","23686425516428816421402528371743234052","52020996700955670383171431878439135885","186628222371801994031536442153169330835","207642659411345216474821545179180665127","233240566664445526862583947294023463459","253463158329063964066652139096864180829","147356001970432233899720607822984709717","304356926744735403049827058080004612251","325852110516856849023684986699777784655","200869907138414971355498303428450727413","137279191991838062298297351542786587229","171023783699970618700195128959701061986","2634041233044323509870769643552538
40657","60639521692099543142314364263050756529","146521116997978390312538125683943906507","242270282640208520120327889768137239101","74917776481560388290221743902067043258","53392479902984545029967422342787974809","263179179139891148650773777468383521323","33275824997766916702359774830232162567","284190544537675476916144426725963578199","293702392963941795164221903591138038921","192232885961089767819541916790546488192","22022889103420168815823645391028416345","269701745207972447714042852385217642992","293589740865292815217979047579941551872","80785279294142160948767937071358321662","57888488174395507899464512362262602730","62601548626168823167829865666572538747","272582072233582154142440061897146154572","200813264751506180220121401457243494594","4880672702800035761120177273214611772","248749656045973324952361362602863794284","206741745918512140789638054044930918668","79088761729410068615146854489860347348","170407076356826386475007063872710769374","157976570918766742536776758346364898705","328199004646260020246506057825004256775","242496082618064784609645673107093413454","30246158327630871381681494743028682638","131729219182719502827553004947549552647","180245055623795940186307530498308782615","6099753695590436720701946849814671069","104972328905303419924925607733986717161","307526046594688714424199525402105491741","263509392810946307834614638413020070264","278993309364760223559344571778666523910","248816169800998751531866659432476261096","334290220102176112133201435387360527343","199894895958622618442907416557060960564","283923507166714329437799943696057176369","330641239181701594265360749258827342044","106782331801278980177240784888374387290","249119266997578239288012809943372465198","228069011732723021233515236677804934478","20248924966514204993150533232672325317","99292773864615163606066554760255537990","330607546828120580417743383791956036337","126549494157805045056380336879761908006","162688651584458966422008298783863213491","1564855052838575831829759718255037
96323","249823836582563516775711440467996414940","133364861662935715865827502338696485722","315034709809523333829522649324436490919","230836886667804593036269891781804102495","178234477802316604313277462043263912547","140648774925893198260347068116682885434","70486087722822861602510355521091203534","329274930772543556533471586933473909098","203310701826635696283143264979272760074","22219274147020013615740822012271846400","30969107915462806976429534130097114338","270783984344775682640493254826451027808","150547906119364287940878502496665425444","123400948952978993545644690358408920989","335646055292170778534108450283404825283","66260729269729514081700360366290564078","323244168444830362186264619218803682605","254382406556304285345058962170670695528","103015848847474228711346729292300262611","95148266052119923960606801307160496623","298296246924023684641329315841887534050","155465673684009362080158976502748627887","166802501697989381225593545303790343717","272877911805291464922071497290251278938","299319537859170067047120565324019913695","305418077406710296002306157997395092894","183056429288245451228509477091424479614","337660628807456333708336556299002010509","253469166076466244446832111115209555727","182036658303458784836268480042462580047","218320515746971521700226644506959161736","272952071428908573270852977565157984209","181016910947637764763218169640611194952","273380605229875475428384305603856142200","114971263428302500716471336914889511087","144781528112960410633232219630045914880","311547794829507154797798105130664621522","268641294747210014560210522190490199217","317981009700903747681693562362939170010","101074105668651886925031903693958050549","227549828410242283571507259013674696431","92171476983046034473508777387204472186","12763286704196164196343094264233620534","200806644394640138503339500525170221309","32625162314108480704634234920676634934","184662883825155476992007005380019492923","13280244902624737141961171778473712386","520775211393143164494506395
75453405897"]},"target":{"file":"src/third_party/wiredtiger/src/support/stat.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2018-20805-92c2cebf","digest":{"function_hash":"164628860902413535535089802091840066954","length":4074},"target":{"function":"__wt_stat_dsrc_clear_single","file":"src/third_party/wiredtiger/src/support/stat.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2018-20805-99814bf1","digest":{"function_hash":"169655389386899334592075928263299095205","length":29034},"target":{"function":"__wt_stat_connection_aggregate","file":"src/third_party/wiredtiger/src/support/stat.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2018-20805-9cac66ca","digest":{"function_hash":"230363928364872727957585874309956762366","length":1234},"target":{"function":"__log_slot_dump","file":"src/third_party/wiredtiger/src/log/log_slot.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2018-20805-bd010809","digest":{"function_hash":"123671036462273885677597844952782584895","length":770},"target":{"function":"__wt_cursor_cache","file":"src/third_party/wiredtiger/src/cursor/cur_std.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2018-20805-bee43371","digest":{"function_hash":"140158640288493587695333629309308036133","length":11515},"target":{"function":"__wt_stat_dsrc_aggregate","file":"src/third_party/wiredtiger/src/support/stat.c"}},{"
source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2018-20805-c0dfea7b","digest":{"threshold":0.9,"line_hashes":["137569438138247484122488558246333320880","294655493801497690656477890166813985818","239794746536024472162891155759743635477","11360657316413880637392458830968630215","258149309966438445797794550535009540555","5579228574528584538401798376578964675","89133893718854045876988043151221497677","22639749550338338339159898790325757128","255044852094173568654419811905643725368","163120220115450579035596428793734085328","75708173992812929023981000288547963370","6195363569172261072296342376948571496","99862235881450509144534884897490120780","39314567551938640596495386246389361785","216797200844727713879191180704184230675","259259268529726623273381451729683357088","233949113722438034883047698720877084955","284637320762250193841253818780586801584","182788410007520445562919930139698407525","330417301855093281275638000115088792011","273134218349227852169061357687381198331","176944417879417661133161611681258033769","199087238031655894414313871457820138915","283642539333914772164818773575509710909","95475136156641370329995084497740325117"]},"target":{"file":"src/third_party/wiredtiger/src/cursor/cur_file.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2018-20805-f911a5da","digest":{"function_hash":"119700167055252103191988305154655618280","length":747},"target":{"function":"__curfile_reopen","file":"src/third_party/wiredtiger/src/cursor/cur_file.c"}},{"source":"https://github.com/mongodb/mongo/commit/3e3ab85bfb98875af3bc6e74eeb945b0719f69c8","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2018-20805-fddf09be","digest":{"threshold":0.9,"line_hashes":["193064998048464110675347051781342817885","3505
509121191584595953515451762528858","39138093608039170862994163124301209352","6386604898393722370953980190330493050","225970546378840670750676828290525932462","21782460691193895082573133909240985651"]},"target":{"file":"src/third_party/wiredtiger/src/log/log.c"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}