Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 4.0.19, 4.2.8, 4.4.0-rc7, 4.7.0
Affects Version/s: 4.2.6, 4.0.18, 4.4.0-rc2
Component/s: Querying
Labels:
- qexec-team

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v4.4, v4.2, v4.0
Sprint:
Query 2020-05-04, Query 2020-05-18
Case:
Linked BF Score:
8

CVE-2020-7923

Affected versions:
This issue affects - MongoDB Inc. MongoDB Server:

Title:
Specific GeoQuery can cause DoS against MongoDB Server

Description:
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19.

CVSS score:
6.5 using the following scoring metrics:
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE:
'CWE-755: Improper Handling of Exceptional Conditions'.

v4.4 versions prior to 4.4.0-rc7;
v4.2 versions prior to 4.2.8;
v4.0 versions prior to 4.0.19.

Assignee:: Drew Paroski

Reporter:: Ian Boros

Participants:: Drew Paroski, Githook User, Ian Boros

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: Apr 24 2020 09:40:26 PM UTC

Updated:: Oct 29 2023 10:09:03 PM UTC

Resolved:: May 01 2020 04:30:34 PM UTC

Details

Description

Attachments

Activity

People

Dates