$mod can result in undefined behavior
Description
A specially crafted MongoDB query using the $mod operator can trigger an integer overflow, causing denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The $mod operator in MongoDB Server is vulnerable to an integer overflow when processing specially crafted queries that cause negative values to overflow [1]. This affects MongoDB Server versions: v4.4 prior to 4.4.1, v4.2 prior to 4.2.9, v4.0 prior to 4.0.20, and v3.6 prior to 3.6.20 [1]. The vulnerability is classified as CWE-190: Integer Overflow or Wraparound.
Exploitation
An attacker with authorization to perform database queries can exploit this by issuing a specially crafted query that uses the $mod operator with values designed to trigger the integer overflow [1]. No additional privileges or user interaction beyond query authorization are required. The attack can be carried out over the network.
Impact
Successful exploitation leads to a denial of service condition, affecting the availability of the MongoDB server [1]. The CVSS score is 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), indicating high availability impact with no confidentiality or integrity impact.
Mitigation
MongoDB has released fixed versions: 4.4.1, 4.2.9, 4.0.20, and 3.6.20 [1]. Users should upgrade to these versions or later. No workarounds are mentioned in the available references. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
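A fleet check built from the affected ranges and fixed versions listed above, as an added example that is not part of the original advisory or of MongoDB's tooling. The host names and sample versions are constructed, and treating a pre-release build of a fixed version as still affected is an assumption.

```python
import re

# Fixed release for each affected series, exactly as listed on this page.
FIXED = {(4, 4): (4, 4, 1), (4, 2): (4, 2, 9), (4, 0): (4, 0, 20), (3, 6): (3, 6, 20)}

_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$")


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable'."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparseable"
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    fixed = FIXED.get(release[:2])
    if fixed is None:
        # The page names only four release series; make no claim about others.
        return "not-listed"
    if release < fixed:
        return "affected"
    # Assumption: a suffixed build of the fixed version (e.g. 4.4.1-rc0)
    # is treated as prior to that release and reported as affected.
    if release == fixed and m.group(4):
        return "affected"
    return "fixed"


def audit(inventory):
    """Map each host to its status; inventory is {host: version string}."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = {
    "db-a": "4.4.0",
    "db-b": "4.2.9",
    "db-c": "v4.0.19",
    "db-d": "3.6.20-rc1",
    "db-e": "3.4.24",
    "db-f": "4.4",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}\t{SAMPLE[host]}\t{status}")
```

Hosts reported as `not-listed` or `unparseable` need manual review, since the advisory makes no statement about release series outside the four it names.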
Affected products
- MongoDB Inc./MongoDB Server, v5, Range: 3.6
References
- [1] jira.mongodb.org/browse/SERVER-43699 (mitre, x_refsource_CONFIRM)