CVE-2020-7925
23.11.2020, 15:15
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.Enginsight
| Vendor | Product | Version |
|---|---|---|
| mongodb | mongodb | 4.2.0 ≤ 𝑥 < 4.2.9 |
| mongodb | mongodb | 4.4.0:rc1 |
| mongodb | mongodb | 4.4.0:rc10 |
| mongodb | mongodb | 4.4.0:rc11 |
| mongodb | mongodb | 4.4.0:rc2 |
| mongodb | mongodb | 4.4.0:rc3 |
| mongodb | mongodb | 4.4.0:rc4 |
| mongodb | mongodb | 4.4.0:rc5 |
| mongodb | mongodb | 4.4.0:rc6 |
| mongodb | mongodb | 4.4.0:rc7 |
| mongodb | mongodb | 4.4.0:rc8 |
| mongodb | mongodb | 4.4.0:rc9 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
- CWE-475 - Undefined Behavior for Input to APIThe behavior of this function is undefined unless its control parameter is set to a specific value.
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.