CVE-2020-7925

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-7925
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7925.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-7925
Aliases
Downstream
Published
2020-11-23T15:15:11.543Z
Modified
2026-04-10T04:28:14.341537Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.

References

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type
GIT
Repo
https://github.com/mongodb/mongo
Events
Introduced
a4b751dcf51dd249c5865812b390cfd1c0129c30
Fixed
06402114114ffc5146fd4b55402c96f1dc9ec4b5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
02869c7db07512f9492d00fcb7544e623fd21c84
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5218ee3e883b0230e121ae13a7640e0bc4a313ae
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f4273b8a9d14ed989477748cd46d51eaccf65140
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c8279c67d309858027cdb4d079ef9fd7122b1690
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
201b8eb58920634b4519a8d3ea9b4c8c022b0875
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d2274bb6e1f8b21d73121a2fcb20b6628f652bbe
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bbdf0a11d1c61be0760a829e82799129beac7be0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
328c35e4b883540675fb4b626c53a08f74e43cf0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b79b53f55a5c148fd297b81a45c08d08e2cf8f94
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ff99a2afe938bf7aec7e4bbfb0a922d7f70d6712
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bea79f76addfe4b754c8696db029c5b3c762041c
Database specific 
{
    "versions": [
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.0-rc10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.0-rc11"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.0-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.0-rc4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.0-rc5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.0-rc6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.0-rc7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.0-rc8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.4.0-rc9"
        }
    ]
}

Affected versions

0.*
0.9.1
1.*
1.7-cut
r0.*
r0.0.3
r0.0.4_rc1
r0.0.6_rc1
r0.0.7_rc1
r0.0.7_rc2
r0.0.7_rc3
r0.0.7_rc4
r0.0.9_rc1
r0.1.0_rc1
r0.1.2_rc1
r0.1.3_rc1
r0.1.4_rc1
r0.1.5_rc1
r0.1.6_rc1
r0.2.1
r0.9.1
r0.9.10
r0.9.5
r0.9.6
r0.9.8
r0.9.9
r1.*
r1.1.1
r1.1.3
r1.3.0
r1.3.4
r1.5.0
r1.5.1
r1.5.2
r1.5.5
r1.5.6
r1.7.5
r1.7.6
r1.8.0-rc0
r2.*
r2.1.1
r2.1.2
r2.2.0-rc0
r2.3.1
r2.3.2
r2.4.0-rc0
r2.4.0-rc1
r2.4.0-rc2
r2.4.0.rc1
r2.5.1
r2.5.2
r2.5.3
r2.5.4
r2.5.5
r2.6.0-rc0
r2.6.0-rc1
r2.7.0
r2.7.1
r2.7.2
r2.7.3
r2.7.4
r2.7.5
r2.7.6
r2.7.7
r2.7.8
r2.8.0-rc0
r2.8.0-rc1
r2.8.0-rc2
r2.8.0-rc3
r2.8.0-rc4
r2.8.0-rc5
r3.*
r3.1.0
r3.1.1
r3.1.2
r3.1.3
r3.1.4
r3.1.5
r3.1.6
r3.1.7
r3.1.8
r3.1.9
r3.2.0
r3.2.0-rc0
r3.2.0-rc1
r3.2.0-rc2
r3.2.0-rc3
r3.2.0-rc4
r3.2.0-rc5
r3.2.0-rc6
r3.3.0
r3.3.1
r3.3.10
r3.3.11
r3.3.12
r3.3.13
r3.3.14
r3.3.15
r3.3.2
r3.3.3
r3.3.4
r3.3.5
r3.3.6
r3.3.7
r3.3.8
r3.3.9
r3.4.0-rc0
r3.4.0-rc1
r3.4.0-rc2
r3.4.0-rc3
r3.5.0
r3.5.1
r3.5.10
r3.5.11
r3.5.12
r3.5.13
r3.5.2
r3.5.3
r3.5.4
r3.5.5
r3.5.6
r3.5.7
r3.5.8
r3.5.9
r3.6.0-rc0
r3.6.0-rc1
r3.6.0-rc2
r3.6.0-rc3
r3.6.0-rc4
r3.7.0
r3.7.1
r3.7.2
r3.7.3
r3.7.4
r3.7.5
r3.7.6
r3.7.7
r3.7.8
r3.7.9
r4.*
r4.0.0-rc0
r4.1.0
r4.1.1
r4.1.10
r4.1.11
r4.1.12
r4.1.13
r4.1.2
r4.1.3
r4.1.4
r4.1.5
r4.1.6
r4.1.7
r4.1.8
r4.1.9
r4.2.0
r4.2.1
r4.2.1-rc0
r4.2.2
r4.2.2-rc0
r4.2.2-rc1
r4.2.3
r4.2.3-rc0
r4.2.3-rc1
r4.2.4
r4.2.4-rc0
r4.2.5
r4.2.5-rc0
r4.2.5-rc1
r4.2.6
r4.2.6-rc0
r4.2.7
r4.2.7-rc0
r4.2.7-rc1
r4.2.8
r4.2.8-rc0
r4.3.0
r4.3.1
r4.3.2
r4.3.3
r4.3.4
r4.3.5
r4.3.6
r4.4.0-rc0
r4.4.0-rc1
r4.4.0-rc10
r4.4.0-rc11
r4.4.0-rc2
r4.4.0-rc3
r4.4.0-rc4
r4.4.0-rc5
r4.4.0-rc6
r4.4.0-rc7
r4.4.0-rc8
r4.4.0-rc9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7925.json"