CVE-2020-7923
- Source
- https://cve.org/CVERecord?id=CVE-2020-7923
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7923.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-7923
- Aliases
- Downstream
- Related
- Published
- 2020-08-21T15:15:13.273Z
- Modified
- 2026-03-14T06:51:42.964871Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19.
- References
Affected packages
Git / github.com/mongodb/mongo
Affected versions
r4.*
r4.0.0
r4.0.1
r4.0.1-rc0
r4.0.1-rc1
r4.0.10
r4.0.10-rc0
r4.0.10-rc1
r4.0.11
r4.0.11-rc0
r4.0.12
r4.0.12-rc0
r4.0.12-rc1
r4.0.12-rc2
r4.0.13
r4.0.13-rc0
r4.0.14
r4.0.14-rc0
r4.0.14-rc1
r4.0.15
r4.0.15-rc0
r4.0.16
r4.0.16-rc0
r4.0.17
r4.0.17-rc0
r4.0.18
r4.0.18-rc0
r4.0.2
r4.0.2-rc0
r4.0.3
r4.0.3-rc0
r4.0.4
r4.0.4-rc0
r4.0.4-rc1
r4.0.4-rc2
r4.0.5
r4.0.5-rc0
r4.0.5-rc1
r4.0.6
r4.0.6-rc0
r4.0.6-rc1
r4.0.7
r4.0.7-rc0
r4.0.7-rc1
r4.0.8
r4.0.8-rc0
r4.0.9
r4.0.9-rc0
r4.2.0
r4.2.1
r4.2.1-rc0
r4.2.2
r4.2.2-rc0
r4.2.2-rc1
r4.2.3
r4.2.3-rc0
r4.2.3-rc1
r4.2.4
r4.2.4-rc0
r4.2.5
r4.2.5-rc0
r4.2.5-rc1
r4.2.6
r4.2.6-rc0
r4.2.7
r4.2.7-rc0
r4.2.7-rc1
r4.4.0
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-7923-041593e4",
"target": {
"file": "src/mongo/db/query/query_planner.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"210502564269397634484694690577879701571",
"150638391396146628064997188091519846956",
"262985534973614454297150204020818941115",
"307555412863655185976203354699801168102"
]
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/7e28f4296a04d858a2e3dd84a1e79c9ba59a9568"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-0559d6de",
"target": {
"file": "src/third_party/wiredtiger/test/format/backup.c",
"function": "backup"
},
"digest": {
"length": 3098.0,
"function_hash": "337270227087683624317347917629988926594"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/43d25964249164d76d5e04dd6cf38f6111e21f5f"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-0fefd590",
"target": {
"file": "src/mongo/db/query/query_planner.cpp",
"function": "QueryPlanner::plan"
},
"digest": {
"length": 13438.0,
"function_hash": "128018911210233047538589186700864816778"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/7e28f4296a04d858a2e3dd84a1e79c9ba59a9568"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-105a82e9",
"target": {
"file": "src/mongo/db/pipeline/pipeline_test.cpp",
"function": "TEST"
},
"digest": {
"length": 261.0,
"function_hash": "38086480016173439480157576582032341471"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/563487e100c4215e2dce98d0af2a6a5a2d67c5cf"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-1703faef",
"target": {
"file": "src/mongo/db/pipeline/pipeline_test.cpp",
"function": "TEST"
},
"digest": {
"length": 489.0,
"function_hash": "107674678104504407920690858171960014160"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/563487e100c4215e2dce98d0af2a6a5a2d67c5cf"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-171cc16f",
"target": {
"file": "src/mongo/db/pipeline/pipeline_test.cpp",
"function": "TEST"
},
"digest": {
"length": 541.0,
"function_hash": "254695750081945127283574835965549044873"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/563487e100c4215e2dce98d0af2a6a5a2d67c5cf"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-1bcb268e",
"target": {
"file": "src/mongo/db/pipeline/pipeline_test.cpp",
"function": "TEST"
},
"digest": {
"length": 596.0,
"function_hash": "184826615642318452398861195233040278193"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/563487e100c4215e2dce98d0af2a6a5a2d67c5cf"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-1d00c98a",
"target": {
"file": "src/mongo/db/pipeline/pipeline_test.cpp",
"function": "TEST"
},
"digest": {
"length": 234.0,
"function_hash": "97502516797953081827587352506958640628"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/563487e100c4215e2dce98d0af2a6a5a2d67c5cf"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-7923-1fa3e084",
"target": {
"file": "src/third_party/wiredtiger/test/format/config.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"218992279791686598497103262810554531666",
"89042766493202595206350868633703456109",
"36586076858943931566632472314033210701",
"231913544537564456857228583000698435866",
"327390541182230257621540059402830428320",
"235492737746509254301248260780151001981",
"320290314074381421237610664552362534661",
"40367980633187076527367735064606847000",
"143776247002275814257489618636200934536",
"307085405476522659214881394259638885982",
"179167338553553326624203706772744593295",
"189141677734189866293763343849068271303",
"168796573672783060897495388077642159493",
"165440754803260892254325221351592520355",
"1863573822871586357626305170129475991"
]
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/43d25964249164d76d5e04dd6cf38f6111e21f5f"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-7923-26c99f66",
"target": {
"file": "src/third_party/wiredtiger/test/format/config.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"216846367823032389740209946500907732726",
"170226090322004586754470038799383849515",
"250487995567523634011697259764056773362"
]
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/43d25964249164d76d5e04dd6cf38f6111e21f5f"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-7923-351e8a3e",
"target": {
"file": "src/third_party/wiredtiger/src/config/config_def.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"253773733569437096279919413473320453565",
"117522162931673973494172086894747349254",
"44100967495080020490256846304317598612",
"110206703684065290658905410775439362201"
]
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/43d25964249164d76d5e04dd6cf38f6111e21f5f"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-7923-380ba4db",
"target": {
"file": "src/mongo/db/pipeline/document_source_sort.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"137784393806372729564724256422949125547",
"178127192872676486544900635179934022486",
"64013164475572969269372087284849063925",
"289168646365602857557656953185494082819",
"305472833324533711957192944659653929411",
"330268105212934568041274811638373744045",
"132754566128777518128578664998294405929",
"131265530268646010286468923313717955077",
"52272309141852935958769927126015823365",
"279020376864375458010361883518716832768",
"170672314384988416855958449929048190421",
"219532388204805905526180537914375265570",
"295771902971414118268780375061258493197",
"298282847380543409658675033773905561085",
"177398587584164110807364249445814081842",
"177430691090429661637846486654023946855"
]
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/563487e100c4215e2dce98d0af2a6a5a2d67c5cf"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-7923-3b05506b",
"target": {
"file": "src/third_party/wiredtiger/src/block/block_ckpt.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"241892299792838698739839219063901781590",
"157089014343856062777782405547325141823",
"66624041147001788807212184180881962260",
"18199657745959815365015212403691366691",
"4056209672568793141791155187922016742",
"215011593724935374759229137805828680563",
"316257851809764696378832094891200056084",
"77324722065294319613231351807355147950",
"314768339528331392515442310238390852143",
"114522456658231066151397629045856223848",
"42756310014607250687467254545475472130",
"73123087534252061188877814532060788700",
"104157090988469134252987921009502591322"
]
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/43d25964249164d76d5e04dd6cf38f6111e21f5f"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-49b67d21",
"target": {
"file": "src/mongo/db/pipeline/pipeline_test.cpp",
"function": "TEST"
},
"digest": {
"length": 265.0,
"function_hash": "253744734930846488256525133173652530663"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/563487e100c4215e2dce98d0af2a6a5a2d67c5cf"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-7145954d",
"target": {
"file": "src/mongo/db/pipeline/pipeline_test.cpp",
"function": "TEST"
},
"digest": {
"length": 293.0,
"function_hash": "96685577201058821722159970172498073021"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/563487e100c4215e2dce98d0af2a6a5a2d67c5cf"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-8a52401f",
"target": {
"file": "src/mongo/db/pipeline/pipeline_test.cpp",
"function": "TEST"
},
"digest": {
"length": 358.0,
"function_hash": "152604341388677998067636377678236324569"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/563487e100c4215e2dce98d0af2a6a5a2d67c5cf"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-91a4f33f",
"target": {
"file": "src/mongo/db/pipeline/pipeline_test.cpp",
"function": "TEST"
},
"digest": {
"length": 317.0,
"function_hash": "219092234822380632978093458231345274322"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/563487e100c4215e2dce98d0af2a6a5a2d67c5cf"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-afb7b7c8",
"target": {
"file": "src/mongo/db/pipeline/pipeline_test.cpp",
"function": "TEST"
},
"digest": {
"length": 293.0,
"function_hash": "301433762554939693130586965362612154952"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/563487e100c4215e2dce98d0af2a6a5a2d67c5cf"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-b0546035",
"target": {
"file": "src/third_party/wiredtiger/test/format/config.c",
"function": "config_backup_incr"
},
"digest": {
"length": 1064.0,
"function_hash": "74490169043178379737238508106958636712"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/43d25964249164d76d5e04dd6cf38f6111e21f5f"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-b8e37851",
"target": {
"file": "src/mongo/db/query/canonical_query.cpp",
"function": "CanonicalQuery::isValid"
},
"digest": {
"length": 2222.0,
"function_hash": "222516304655777792257786603733797567448"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/7e28f4296a04d858a2e3dd84a1e79c9ba59a9568"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-7923-bc02f05b",
"target": {
"file": "src/mongo/db/query/canonical_query.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"146331886397502422443017599845515505469",
"110121895314789618581658858197747108315",
"120332860573347359718878595428701043838"
]
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/7e28f4296a04d858a2e3dd84a1e79c9ba59a9568"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-c371fcfe",
"target": {
"file": "src/third_party/wiredtiger/test/csuite/incr_backup/main.c",
"function": "base_backup"
},
"digest": {
"length": 1519.0,
"function_hash": "19267195455063659516269475013591792170"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/43d25964249164d76d5e04dd6cf38f6111e21f5f"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-c3ebece6",
"target": {
"file": "src/mongo/db/pipeline/pipeline_test.cpp",
"function": "TEST"
},
"digest": {
"length": 291.0,
"function_hash": "333950620142844055370625990760638756885"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/563487e100c4215e2dce98d0af2a6a5a2d67c5cf"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-7923-cdc383ff",
"target": {
"file": "src/third_party/wiredtiger/test/format/format.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"30017073101351118693011983787713735400",
"10686119799949325068793962799306740937",
"109443482271218567410016318859434105788",
"250020134799616902375006352090337544263"
]
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/43d25964249164d76d5e04dd6cf38f6111e21f5f"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-7923-cf16ecb5",
"target": {
"file": "src/third_party/wiredtiger/test/csuite/incr_backup/main.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"314239835302470523210108244278762671102",
"97724655864014649122905802074659898210",
"205554397105472035177593116614835547527",
"154034353929008333343623439527447847501",
"196470441252828177692410868449379074746",
"152304656832586598071387324377924838035",
"177076611962881919596937466135463430917",
"149279433419170391612647971566309032358",
"59096674565522183480022554976122351695",
"292248529203255766452282421379619321340",
"141814626593235475385457063073970721752",
"135912147692851043796484591591808497392",
"251412223565800709085700590100949795980",
"263180073205616176806889300031627672864"
]
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/43d25964249164d76d5e04dd6cf38f6111e21f5f"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-7923-e0039b3c",
"target": {
"file": "src/third_party/wiredtiger/test/format/backup.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"324090161955849461220679940798268177821",
"200025815680808732616642580893232362226",
"136516110501456160047349779634404604405",
"294652898588311039526904257211922145040",
"254389262549946983513145636695499294139",
"152658846313560045446621919702461859811",
"50300023122388620338601299409412432106",
"39669040638762985840667672285505355929",
"195838363209150398428173525881786990653",
"175770157942173358454562199584866679914"
]
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/43d25964249164d76d5e04dd6cf38f6111e21f5f"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-ebbc4dd6",
"target": {
"file": "src/mongo/db/pipeline/document_source_sort.cpp",
"function": "DocumentSourceSort::doOptimizeAt"
},
"digest": {
"length": 677.0,
"function_hash": "110857188493065663927802696296632953872"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/563487e100c4215e2dce98d0af2a6a5a2d67c5cf"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-7923-fde85b0f",
"target": {
"file": "src/third_party/wiredtiger/src/block/block_ckpt.c",
"function": "__ckpt_add_blkmod_entry"
},
"digest": {
"length": 926.0,
"function_hash": "235631775541657763911264311435026634570"
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/43d25964249164d76d5e04dd6cf38f6111e21f5f"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-7923-ff37c59e",
"target": {
"file": "src/mongo/db/pipeline/pipeline_test.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"290871941152540868636695105063816889105",
"110338354782815470144862121289724215604",
"91594602700067030800236577283047350126",
"166967659970288921013115319795137923915",
"293903217642285735455138319342142543318",
"323062367984336758299268509490569884065",
"201379912051132237825064008784361107320",
"47375867444116406857167172806692343818",
"339435574807019495435584554078447817996",
"42438563614372010244069508023836631832",
"206218325248926177976010546548443697143",
"222304810943441824576010035940332735424",
"243270794440961014146975230480040976958",
"246887345383818835043054024253252922284",
"211489809189690770739934891897043106512",
"188940242060078893844501449278180808191",
"214744867453355929545798180836099324341",
"228647526448451025462731180707866487616",
"201379912051132237825064008784361107320",
"47375867444116406857167172806692343818",
"339435574807019495435584554078447817996",
"42438563614372010244069508023836631832",
"206218325248926177976010546548443697143",
"222304810943441824576010035940332735424",
"180674565429901025057735172457788551383",
"34976569400273810551931041137780121303",
"153893580575115613805186874790375454346",
"24057764137894646739832820623565311853",
"256908119299844797916057525167372720791",
"177270077749137788968148474147849175864",
"270472905408226199821348190168831620498",
"187159431080194068930635140174921113606",
"112071096545009577796867005417527871545",
"276981038581880161853442774034065123468",
"281008461980091396043133932909502924178",
"319506595136239090976069617958657517271",
"77853994074975852987951516648867102516",
"105333431234202508632363638632059103818",
"336344946382591424259833401973266521509",
"255539726720890838098287431059233741423",
"151460498885713964969471739786743348193",
"110619825272685184599947333452653233265",
"273454664095677999254317663064307051",
"227769689050046447095958032690563921620",
"310609557152109093403117093346362531723",
"19627599325434878720845601960604920896",
"305958439308979755801024409643669255546",
"263236216298730210083982710482675817083",
"230840642027669049643275581948798764344",
"13600964405765970479576241962356103422",
"308592349426128880940327501363554557547",
"247931438294847962857847622265466324129",
"220791804644686717631771024377813318231",
"238776087321455409825846759818694201947",
"66148029925314440556725879315188667259",
"103325463968259766349888146097150594668",
"175736436515680210680764959115235917900",
"50057339351456185945639277755175215651",
"120926404028552239113633941999560215445",
"165035006328843819393436484597648211564",
"245105932028946238754575198780187383598",
"316525060099008535482530150240906370760",
"318420557697833436188113802699495517106",
"54333298954088755841208898359644044864",
"1330679860486569256470348394054000401",
"232436864031586645107008015819784078545",
"128141296429695482793347842815146069106",
"117557373344703425711088233667150856844",
"186617439957911734627274168576267748049",
"165302785995032101507951823002013556746",
"331000412570746980131094603978133147346",
"246492665447612029299105885992367516076",
"181586438081358375903688759570226569542",
"283236084874630380478127213533403171718",
"166176736678764559382563883469402244195",
"161524300075148398774098353605383515299",
"139047053240843104410559977134459710792",
"262456180710042445006957858236249880450",
"128141296429695482793347842815146069106",
"117557373344703425711088233667150856844",
"186617439957911734627274168576267748049",
"165302785995032101507951823002013556746",
"331000412570746980131094603978133147346",
"246492665447612029299105885992367516076",
"151998642174259467435955386113616264459",
"54805489994598189447834358358144743823",
"226008854824264706563793015996248119526",
"160012841525953806322967601082727257419",
"138899191243162612103768164580030127227",
"178282787939666762828500166108852256599",
"123902438707421379172644113256288025283",
"312185640098767143646121793012630847309",
"317786011966215450353581416864120229491",
"271349684914700171035388904137820942817",
"81958900552529823833921434915661582209",
"102733325097980495206834115179389408907",
"15941741369660782653898686122241015329",
"200234299949525338925514805613289135054",
"123594271301231609262604156683279860079",
"313427386153239886502950834090897643328",
"242472139150080710463993369458017765575",
"104864658583231692778211742166899667217",
"248558742211869191628751597590780543081",
"218328068261036753487424524380566699826",
"35532913884396032560912703594791202063",
"18007017581316790806742149018692061074",
"310183375039504770483181596431308188619",
"317064099645842149756180306344296997291",
"172674599393426350704418614845467875039",
"252768667183996564452257454474126493035",
"8595734720307105440473841498301928245",
"259529363011026308734960250822195328075",
"167866651775203545779081686089500320034",
"279271070306754531714316263958682975392",
"26521764274571161625062453614151553073",
"236913316240951816885984307588757729109",
"172698866707767397933152200770667607988",
"107399220183290000175948259818212208623",
"287581524015393167953076190904162454970",
"268165290034590297009033537613268895266",
"250111068954554717794661863563732092249",
"339819496454338295815453306197296871014",
"122073799117977402204999167787421208693",
"306566561891149067702565270117279806137",
"261571741801876489999692219991286203911",
"27140121257564280802244974182566104293",
"74299947687728240070656746409173528267",
"253210480892886002617687632037342852751",
"218530944387782015137154507611581948507",
"336790542048325898166046841218420611539",
"40024043730725944183558224917140787406",
"169989188717746027318720475647418137298",
"180247454712770766606412770707841746291",
"233194043815838337434549358596890552661",
"163948792355707085833805997723976907554"
]
},
"signature_version": "v1",
"source": "https://github.com/mongodb/mongo/commit/563487e100c4215e2dce98d0af2a6a5a2d67c5cf"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7923.json"