CVE-2020-7925
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MongoDB Inc. | MongoDB Server | 4.2 < 4.2.9 | affected |
| MongoDB Inc. | MongoDB Server | 4.4 < 4.4.0-rc12 | affected |
Weaknesses
- CWE-475: CWE-475 Undefined Behavior for Input to API
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.