CVE-2020-7926 — Improper Handling of Exceptional Conditions in INC Mongodb Server

CWE-755 — Improper Handling of Exceptional Conditions CWE-248 — Uncaught Exception4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 36.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mongodb INC Mongodb Server Mongodb

Timeline

PublishedNov 23

Latest updateMay 24

Description

A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoDB Server v4.4 versions prior to 4.4.1. Versions before 4.4 are not affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5mongodb_inc/mongodb_server4.4 — 4.4.1

▶NVDmongodb/mongodb4.4.0 — 4.4.1

🔴Vulnerability Details

GHSA

GHSA-rqw4-wgg4-99m9: A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the serv↗2022-05-24

▶

CVEList

Specific query can cause a DoS against MongoDB Server↗2020-11-23

▶

📋Vendor Advisories

Red Hat

mongodb: Denial of service via crafted queries which violates an invariant in the server selection subsystem↗2020-11-23

▶