CVE-2020-7923
Published 2020-08-21
Priority: P4 34 | medium | 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.27% (66.3th percentile)
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mongodb | mongodb | >= 4.0 < 4.0.19 | 4.0.19 |
| mongodb | mongodb | >= 4.2 < 4.2.8 | 4.2.8 |
| mongodb | mongodb | >= 4.4 < 4.4.0 | 4.4.0 |
| mongodb_inc | mongodb_server | >= 4.0 < 4.0.19 | 4.0.19 |
| mongodb_inc | mongodb_server | >= 4.2 < 4.2.8 | 4.2.8 |
| mongodb_inc | mongodb_server | >= 4.4 < 4.4.0-rc7 | 4.4.0-rc7 |
CVSS provenance
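| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |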
Red Hat
mongodb: GeoQuery can lead to DoS
vendor_redhat·2020-04-24·CVSS 6.5
CVE-2020-7923 [MEDIUM] CWE-20 mongodb: GeoQuery can lead to DoS
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19.
A flaw was found in mongodb. A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. The highest threat from this vulnerability is to system availability.
Statement: Red Hat Satellite 6.6 onward does not ship the MongoDB package; however, the product consumes MongoDB from Red Hat Softwa
GHSA
GHSA-2cg2-x4m3-3vpp
ghsa_unreviewed·2022-05-24
CVE-2020-7923 [MEDIUM] CWE-755 GHSA-2cg2-x4m3-3vpp
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.5 versions prior to 4.5.1; v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19.
OSV
CVE-2020-7923
osv·2020-08-21·CVSS 6.5
CVE-2020-7923 [MEDIUM]
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-7923 mongodb: GeoQuery can lead to DoS [epel-all]
bugzilla·2020-08-24·CVSS 6.5
CVE-2020-7923 [MEDIUM] CVE-2020-7923 mongodb: GeoQuery can lead to DoS [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. Whil
Bugzilla
CVE-2020-7923 mongodb: GeoQuery can lead to DoS
bugzilla·2020-08-21·CVSS 6.5
CVE-2020-7923 [MEDIUM] CVE-2020-7923 mongodb: GeoQuery can lead to DoS
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.5 versions prior to 4.5.1; v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19.
Reference:
https://jira.mongodb.org/browse/SERVER-47773
Discussion:
Created mongodb tracking bugs for this issue:
Affects: epel-all [bug 1871959]
---
Upstream patch:
https://github.com/mongodb/mongo/commit/c8ced6df8f620daaa2e539f192f2eef356c63e9c
---
Red Hat Advanced Cluster Management for Kubernetes includes nodejs mongodb client, which is not affected by this flaw. The MongoDB ser
Published: 2020-08-21