CVE-2020-7925


Incorrect validation of user input in the role name parser may lead to use of uninitialized memory, allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.


Published: 2020-11-23T15:15:11.543

Last Modified: 2024-11-21T05:38:01.387

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses
  • Type: Secondary
    CWE-475
  • Type: Primary
    CWE-20

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|------|--------|---------|---------------|-------------|
| Application | mongodb | mongodb | < 4.2.9 | Yes |
| Application | mongodb | mongodb | 4.4.0 | Yes |
