CVE-2020-7925

🗓️ 23 Nov 2020 14:50:12Reported by mongodbType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 91 Views

CVE-2020-7925: Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to cause denial of service

Reporter	Title	Published	Views	Family All 21
IBM Security Bulletins	Security Bulletin: IBM Cloud Private is vulnerable to MongoDB vulnerabilities (CVE-2020-7926, CVE-2020-7925, CVE-2020-7928)	26 Feb 202116:19	–	ibm
Circl	CVE-2020-7925	23 Nov 202018:45	–	circl
CNNVD	MongoDB Server Input Validation Error Vulnerability	23 Nov 202000:00	–	cnnvd
CNNVD	MongoDB Security Vulnerabilities	23 Nov 202000:00	–	cnnvd
Cvelist	CVE-2020-7925 Denial of Service when processing malformed Role names	23 Nov 202014:50	–	cvelist
Debian CVE	CVE-2020-7925	23 Nov 202014:50	–	debiancve
Tenable Nessus	Dell Wyse Management Suite < 3.2 Multiple Vulnerabilities (DSA-2021-070)	7 Apr 202100:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2020-7925	3 Sep 202500:00	–	nessus
EUVD	EUVD-2020-28855	7 Oct 202500:30	–	euvd
MongoDB	Denial of Service when processing malformed Role names	30 Nov 202000:00	–	mongodb

NVD

Node

mongodb mongodbRange4.2.0–4.2.9

mongodb mongodbMatch4.4.0rc1

mongodb mongodbMatch4.4.0rc10

mongodb mongodbMatch4.4.0rc11

mongodb mongodbMatch4.4.0rc2

mongodb mongodbMatch4.4.0rc3

mongodb mongodbMatch4.4.0rc4

mongodb mongodbMatch4.4.0rc5

mongodb mongodbMatch4.4.0rc6

mongodb mongodbMatch4.4.0rc7

mongodb mongodbMatch4.4.0rc8

mongodb mongodbMatch4.4.0rc9

[
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB Server",
    "vendor": "MongoDB Inc.",
    "versions": [
      {
        "lessThan": "4.2.9",
        "status": "affected",
        "version": "4.2",
        "versionType": "custom"
      },
      {
        "lessThan": "4.4.0-rc12",
        "status": "affected",
        "version": "4.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/SERVER-49142

21 Nov 2024 05:38Current

7.3High risk

Vulners AI Score7.3

CVSS 25

CVSS 3.17.5

EPSS0.01665

cve-2020-7925 mongodb inc.mongodb server denial of service uninitialized memory security vulnerability nvd cve