BIT-mongodb-2020-7925

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2020-7925.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-mongodb-2020-7925

Aliases

CVE-2020-7925

Published

2024-03-06T10:58:54.976Z

Modified

2025-05-20T10:02:07.006Z

Summary

Denial of Service when processing malformed Role names

Details

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.

Database specific

{
    "cpes": [
        "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc10:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc11:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc3:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc4:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc5:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc6:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc7:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc8:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc9:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / mongodb

Package

Name: mongodb
Purl: pkg:bitnami/mongodb

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

4.2.0

Fixed

4.2.9