CVE-2019-20925

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24.
References
Link Resource
https://jira.mongodb.org/browse/SERVER-43751 Issue Tracking Patch Vendor Advisory
https://jira.mongodb.org/browse/SERVER-43751 Issue Tracking Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:39

Type Values Removed Values Added
References () https://jira.mongodb.org/browse/SERVER-43751 - Issue Tracking, Patch, Vendor Advisory () https://jira.mongodb.org/browse/SERVER-43751 - Issue Tracking, Patch, Vendor Advisory

17 Sep 2024, 00:15

Type Values Removed Values Added
Summary (en) An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24. (en) An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24.

23 Jan 2024, 15:15

Type Values Removed Values Added
Summary An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24. An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24.

Information

Published : 2020-11-24 11:15

Updated : 2024-11-21 04:39


NVD link : CVE-2019-20925

Mitre link : CVE-2019-20925

CVE.ORG link : CVE-2019-20925


JSON object : View

Products Affected

mongodb

  • mongodb
CWE
CWE-839

Numeric Range Comparison Without Minimum Check

CWE-697

Incorrect Comparison