CVE-2020-7925
Last modified
CVE-2020-7925 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.. EPSS estimates a 1.66% chance of exploitation in the next 30 days.
Description
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Mongodb | Mongodb | >= 4.2.0, < 4.2.9 | — |
| Mongodb | Mongodb | 4.4.0 | Rc1 |
References
- https://jira.mongodb.org/browse/SERVER-49142Issue Tracking, Vendor Advisory
- https://jira.mongodb.org/browse/SERVER-49142Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-7925?
How severe is CVE-2020-7925?
How do I fix CVE-2020-7925?
Are you affected by CVE-2020-7925?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST