CVE-2020-7923 — Improper Handling of Exceptional Conditions in INC Mongodb Server

CWE-755 — Improper Handling of Exceptional Conditions CWE-20 — Improper Input Validation7 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 36.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mongodb INC Mongodb Server Mongodb

Timeline

PublishedAug 21

Latest updateMay 24

Description

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5mongodb_inc/mongodb_server4.4 — 4.4.0-rc7+2

▶NVDmongodb/mongodb4.0 — 4.0.19+2

Patches

Patch: jira.mongodb.org ↗Patch: jira.mongodb.org ↗

🔴Vulnerability Details

GHSA

GHSA-2cg2-x4m3-3vpp: A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the quer↗2022-05-24

▶

OSV

CVE-2020-7923: A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the quer↗2020-08-21

▶

CVEList

Specific GeoQuery can cause DoS against MongoDB Server↗2020-08-21

▶

📋Vendor Advisories

Red Hat

mongodb: GeoQuery can lead to DoS↗2020-04-24

▶

💬Community

Bugzilla

CVE-2020-7923 mongodb: GeoQuery can lead to DoS [epel-all]↗2020-08-24

▶

Bugzilla

CVE-2020-7923 mongodb: GeoQuery can lead to DoS↗2020-08-21

▶