First published: Mon Nov 23 2020
A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior to 4.2.9; MongoDB Server v4.0 versions prior to 4.0.20 and MongoDB Server v3.6 versions prior to 3.6.20.
Credit: cna@mongodb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MongoDB Server | >=3.6.0, <3.6.20 | Upgrade to 3.6.20 |
| MongoDB Server | >=4.0.0, <4.0.20 | Upgrade to 4.0.20 |
| MongoDB Server | >=4.2.0, <4.2.9 | Upgrade to 4.2.9 |
| MongoDB Server | >=4.4.0, <4.4.1 | Upgrade to 4.4.1 |
| MongoDB Server | >=4.5.0, <4.5.1 | |
CVE-2020-7928 is a vulnerability that allows a user authorized to perform database queries to trigger a read overrun and access arbitrary memory by issuing specially crafted queries.
CVE-2020-7928 affects MongoDB Inc. MongoDB Server versions v4.4 prior to 4.4.1, v4.2 prior to 4.2.9, v4.0 prior to 4.0.20, and v3.6 prior to 3.6.20.
CVE-2020-7928 has a severity rating of 6.5 (Medium).
To fix the CVE-2020-7928 vulnerability, update MongoDB Server to version 4.4.1 for v4.4, 4.2.9 for v4.2, 4.0.20 for v4.0, and 3.6.20 for v3.6.
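A quick way to check whether a running deployment falls inside the affected ranges above is to compare its reported version against the table. The script below is an added example, not part of the advisory or of MongoDB's own tooling; it parses the first line of `mongod --version` output (`db version vX.Y.Z`) or the bare string returned by `db.version()` in the mongo shell, and reports the first fixed release on the same branch. The sample output embedded in it is constructed, and the version ranges are exactly the ones this page lists.

```python
import re

# Affected ranges as listed on this advisory page, expressed as
# (first affected, first fixed). A version v is affected when
# first_affected <= v < first_fixed.
AFFECTED_RANGES = [
    ((3, 6, 0), (3, 6, 20)),
    ((4, 0, 0), (4, 0, 20)),
    ((4, 2, 0), (4, 2, 9)),
    ((4, 4, 0), (4, 4, 1)),
    ((4, 5, 0), (4, 5, 1)),
]

# Matches "v4.2.8" or "4.2.8"; a pre-release suffix such as "-rc0" is ignored,
# which still sorts it below the fixed release on the same branch.
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Return (major, minor, patch) from `mongod --version` output or a bare
    version string. The 'db version' line is preferred because later lines
    (e.g. the OpenSSL line) also contain x.y.z tokens."""
    for line in text.splitlines():
        if line.startswith("db version"):
            m = VERSION_RE.search(line)
            if m:
                return tuple(int(x) for x in m.groups())
    m = VERSION_RE.search(text)
    if m:
        return tuple(int(x) for x in m.groups())
    raise ValueError("no MongoDB version found in input")


def required_upgrade(version: tuple):
    """Return the first fixed release on the affected branch, or None when the
    version is outside every affected range on this page."""
    for lo, hi in AFFECTED_RANGES:
        if lo <= version < hi:
            return hi
    return None


def is_affected(version: tuple) -> bool:
    return required_upgrade(version) is not None


def check(text: str) -> str:
    """Human-readable verdict for a version string or `mongod --version` dump."""
    v = parse_version(text)
    fix = required_upgrade(v)
    shown = ".".join(map(str, v))
    if fix is None:
        return f"{shown}: not in an affected range for CVE-2020-7928"
    return f"{shown}: affected by CVE-2020-7928, upgrade to " + ".".join(map(str, fix))


# Constructed sample of `mongod --version` output (hash line is a placeholder).
SAMPLE_OUTPUT = """db version v4.2.8
git version: <placeholder>
OpenSSL version: OpenSSL 1.1.1  11 Sep 2018
allocator: tcmalloc
modules: none
build environment:
    distmod: ubuntu1804
    distarch: x86_64
    target_arch: x86_64
"""

if __name__ == "__main__":
    print(check(SAMPLE_OUTPUT))
    print(check("4.4.1"))
```

Run it against real output by piping `mongod --version` into `parse_version`, or pass the string from `db.version()`; the same comparison applies either way. Note that the check is only as good as the ranges in the table: a build from a branch the advisory does not list (for example a development release between the listed branches) returns "not in an affected range" and should be judged against the vendor's SERVER-49404 ticket rather than this script.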
More information about CVE-2020-7928 can be found at the following reference: [https://jira.mongodb.org/browse/SERVER-49404](https://jira.mongodb.org/browse/SERVER-49404).