Operational Defect Database
BugZero found this defect 32 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
MongoDB | 2645724
nextUpdate time in OCSP response may cause server crash
Last update date:
4/17/2024
Affected products:
MongoDB Server
Affected releases:
No affected releases provided.
Fixed releases:
No fixed releases provided.
Description:
Info
If OCSP stapling is enabled, the server starts a periodic job to fetch OCSP status from the responder. Unless ocspStaplingRefreshPeriodSecs is configured to have a shorter duration, the OCSP fetcher will use a duration calculated from the OCSP response's nextUpdate field (if it has one). If this calculated duration (in Milliseconds) is too large, it will cause an overflow when PeriodicJobImpl calculates the deadline for the next execution of the fetch job. The overflow, in turn results in server crash by way of an unhandled uassert.
Top User Comments
Steps to Reproduce
