Candidate: CVE-2020-7925
PublicDate: 2020-11-23 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7925
 https://jira.mongodb.org/browse/SERVER-49142
Description:
 Incorrect validation of user input in the role name parser may lead to use
 of uninitialized memory allowing an unauthenticated attacker to use a
 specially crafted request to cause a denial of service. This issue affects:
 MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc12; v4.2
 versions prior to 4.2.9.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_mongodb:
upstream_mongodb: needs-triage
precise/esm_mongodb: DNE
trusty_mongodb: ignored (out of standard support)
trusty/esm_mongodb: needs-triage
xenial_mongodb: ignored (end of standard support, was needs-triage)
bionic_mongodb: needs-triage
focal_mongodb: needs-triage
groovy_mongodb: DNE
hirsute_mongodb: DNE
impish_mongodb: DNE
jammy_mongodb: DNE
devel_mongodb: DNE