{"id":"CVE-2018-25004","details":"A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.","modified":"2026-04-11T14:54:27.310843Z","published":"2021-03-01T17:15:11.717Z","references":[{"type":"FIX","url":"https://jira.mongodb.org/browse/SERVER-38275"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"a57d8e71e6998a2d0afde7edc11bd23e5661c915"},{"fixed":"b4339db12bf57ffee5b84a95c6919dbd35fe31c9"},{"introduced":"3b07af3d4f471ae89e8186d33bbb1d5259597d51"},{"fixed":"caa42a1f75a56c7643d0b68d3880444375ec42e3"}],"database_specific":{"versions":[{"introduced":"3.6.0"},{"fixed":"3.6.11"},{"introduced":"4.0.0"},{"fixed":"4.0.6"}]}}],"versions":["r3.6.0","r3.6.1","r3.6.1-rc0","r3.6.1-rc1","r3.6.10","r3.6.10-rc0","r3.6.10-rc1","r3.6.11-rc0","r3.6.11-rc1","r3.6.2","r3.6.2-rc0","r3.6.3","r3.6.3-rc0","r3.6.3-rc1","r3.6.4","r3.6.4-rc0","r3.6.5","r3.6.5-rc0","r3.6.6","r3.6.6-rc0","r3.6.7","r3.6.7-rc0","r3.6.7-rc1","r3.6.8","r3.6.8-rc0","r3.6.8-rc1","r3.6.9","r3.6.9-rc0","r4.0.0","r4.0.1","r4.0.1-rc0","r4.0.1-rc1","r4.0.2","r4.0.2-rc0","r4.0.3","r4.0.3-rc0","r4.0.4","r4.0.4-rc0","r4.0.4-rc1","r4.0.4-rc2","r4.0.5","r4.0.5-rc0","r4.0.5-rc1","r4.0.6-rc0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25004.json","vanir_signatures_modified":"2026-04-11T14:54:27Z","vanir_signatures":[{"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9","digest":{"threshold":0.9,"line_hashes":["62192170197662705213386964591830706379","64594161552665662205761170122048146262","288565358463360719379917427491290830079"]},"signature_version":"v1","deprecated":false,"target":{"file":"src/mongo/db/storage/kv/kv_storage_engine.h"},"id":"CVE-2018-25004-028b3a8d"},{"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9","digest":{"threshold":0.9,"line_hashes":["300936800917703023746834276620759662992","239119108550206730231505535828095648227","33683255436234021163432609056324419366"]},"signature_version":"v1","deprecated":false,"target":{"file":"src/mongo/db/storage/mmap_v1/mmap_v1_engine.h"},"id":"CVE-2018-25004-048ae8aa"},{"signature_type":"Function","source":"https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9","digest":{"length":2030,"function_hash":"79169683298947678334156781747357834059"},"signature_version":"v1","deprecated":false,"target":{"function":"DatabaseImpl::getStats","file":"src/mongo/db/catalog/database_impl.cpp"},"id":"CVE-2018-25004-59c1da35"},{"signature_type":"Function","source":"https://github.com/mongodb/mongo/commit/caa42a1f75a56c7643d0b68d3880444375ec42e3","digest":{"length":449,"function_hash":"155826345458008991578055499578794847183"},"signature_version":"v1","deprecated":false,"target":{"function":"ServerWriteConcernMetrics::toBSON","file":"src/mongo/db/stats/server_write_concern_metrics.cpp"},"id":"CVE-2018-25004-6c918805"},{"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9","digest":{"threshold":0.9,"line_hashes":["107026958753888591626285380526524767503","425188104482425114133041518921502005","200293157088281233183868713167327696701"]},"signature_version":"v1","deprecated":false,"target":{"file":"src/mongo/db/storage/storage_engine.h"},"id":"CVE-2018-25004-73db9587"},{"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/caa42a1f75a56c7643d0b68d3880444375ec42e3","digest":{"threshold":0.9,"line_hashes":["226024944268767317299638328152001249014","225596942319183511968604323818619636071","101760830462710526203453409900503048897","191941181826745637165232019134593179285","68252621913311619341177479002243004273","174437520639873899519290139705804671915","61055323364578552744704108335497372317","237438732847533542343134694486987628102","274104118113257046085259541724676668416","122773121167668092454980923107688186490","72318800808640428558398403991634685141","301020178940968282454734089418840292142","136092392826119781598159308056609910210","64139016904165078734585221548867647177"]},"signature_version":"v1","deprecated":false,"target":{"file":"src/mongo/db/stats/server_write_concern_metrics.cpp"},"id":"CVE-2018-25004-9742f484"},{"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/caa42a1f75a56c7643d0b68d3880444375ec42e3","digest":{"threshold":0.9,"line_hashes":["235413754023574383370842415946851084940","260505119933357191388500948273655759399","322701749833323904761057697662528070040","216930241610469721049400052414291219972","1360340426114286184952287306641807300","38218289655246187299104389765776690711","13082854181731894422788718833029279326","97791367758067305430590331993176505330","184464996809283997782625118529146360578","127154889283381648497712853072682192484","293234805873401286699227710657717042004","221315977249009282408638618976897778210","85081731067616245806983882650873928529","316816052792944076988885462262295553000","140795969639090682580104128481245347001","337921668248572409261025329091236731088","322662849246620244129893357995968654720","139129089983664537254021115339071973024"]},"signature_version":"v1","deprecated":false,"target":{"file":"src/mongo/db/stats/server_write_concern_metrics.h"},"id":"CVE-2018-25004-b0b4d100"},{"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9","digest":{"threshold":0.9,"line_hashes":["237400362462509855521162240267304109465","138213187957212041136849490992355571099"]},"signature_version":"v1","deprecated":false,"target":{"file":"src/mongo/db/storage/mmap_v1/mmap_v1_engine.cpp"},"id":"CVE-2018-25004-b26dfc41"},{"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9","digest":{"threshold":0.9,"line_hashes":["309478038334604828554488508337060744398","213353090999761815903164213102747039166","55186039614674523529953708777227427648"]},"signature_version":"v1","deprecated":false,"target":{"file":"src/mongo/db/storage/kv/kv_catalog.cpp"},"id":"CVE-2018-25004-b351fa51"},{"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9","digest":{"threshold":0.9,"line_hashes":["302624993183062204048278633001442083999","176324108564214046684063447497008855585","234588084196982445363764813792965220599"]},"signature_version":"v1","deprecated":false,"target":{"file":"src/mongo/db/storage/kv/kv_storage_engine.cpp"},"id":"CVE-2018-25004-d2863616"},{"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9","digest":{"threshold":0.9,"line_hashes":["264847377511905547030906657090864239207","274916272222682279642606153787195231907","141514494756903655265486727551076284484"]},"signature_version":"v1","deprecated":false,"target":{"file":"src/mongo/db/storage/kv/kv_catalog.h"},"id":"CVE-2018-25004-daf39296"},{"signature_type":"Line","source":"https://github.com/mongodb/mongo/commit/b4339db12bf57ffee5b84a95c6919dbd35fe31c9","digest":{"threshold":0.9,"line_hashes":["296100516078241894187237052193767752394","22218318703697547448834853146627914408","91718185933153454862305360398616321363","282800985864526163205727656150985139192","23530905397657686113378254583042863476","215016091989884169880998989335967588106","307112610138656896659992725495051951302"]},"signature_version":"v1","deprecated":false,"target":{"file":"src/mongo/db/catalog/database_impl.cpp"},"id":"CVE-2018-25004-e09d6516"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}]}