CVE-2019-20925 — HIGH (7.5)

Q: How severe is CVE-2019-20925?

CVE-2019-20925 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-20925?

Check the references section above for vendor advisories and patch information. Affected products include: Mongodb Mongodb.

Vulnerability Description

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mongodb	Mongodb	>= 3.4.0, < 3.4.24

Related Weaknesses (CWE)

CWE-697 CWE-839

References

https://jira.mongodb.org/browse/SERVER-43751Issue TrackingPatchVendor Advisory
https://jira.mongodb.org/browse/SERVER-43751Issue TrackingPatchVendor Advisory

FAQ

What is CVE-2019-20925?

CVE-2019-20925 is a vulnerability with a CVSS score of 7.5 (HIGH). An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects Mon...

How severe is CVE-2019-20925?

CVE-2019-20925 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-20925?

Check the references section above for vendor advisories and patch information. Affected products include: Mongodb Mongodb.