CVE-2020-7925

Summary

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.

Affected Software

VendorProductVersion RangeStatus
MongoDB Inc.MongoDB Server4.2 < 4.2.9affected
MongoDB Inc.MongoDB Server4.4 < 4.4.0-rc12affected

Weaknesses

  • CWE-475: CWE-475 Undefined Behavior for Input to API

ADP Enrichment

CVE Program Container

Additional References

References