PT-2020-19853 · Mongodb+1 · Mongodb Server+2

Bernard Gorman

Published

2020-11-23

Updated

2024-09-17

CVE-2020-7928

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 4.5.1 MongoDB Server versions 4.4 prior to 4.4.1 MongoDB Server versions 4.2 prior to 4.2.9 MongoDB Server versions 4.0 prior to 4.0.20 MongoDB Server versions 3.6 prior to 3.6.20

Description A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries.

Recommendations For MongoDB Server version 4.5, update to version 4.5.1 or later. For MongoDB Server version 4.4, update to version 4.4.1 or later. For MongoDB Server version 4.2, update to version 4.2.9 or later. For MongoDB Server version 4.0, update to version 4.0.20 or later. For MongoDB Server version 3.6, update to version 3.6.20 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-158

Related Identifiers

ALT-PU-2022-3039

BIT-MONGODB-2020-7928

CVE-2020-7928

Affected Products

Alt Linux

Mongodb Server

Mongodb

PT-2020-19853 · Mongodb+1 · Mongodb Server+2

CVE-2020-7928

Weakness Enumeration

Related Identifiers

Affected Products

References · 10