CVE-2019-20925

Опубликовано: 01 окт. 2019

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Advanced Cluster Management for Kubernetes 2	mongodb	Not affected
Red Hat OpenStack Platform 10 (Newton)	mongodb	Out of support scope
Red Hat Software Collections	rh-mongodb36-mongodb	Will not fix
Red Hat Update Infrastructure 3 for Cloud Providers	mongodb	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-839

https://bugzilla.redhat.com/show_bug.cgi?id=1901527mongodb: DoS via malformed network packet

EPSS

Процентиль: 64%

0.00478

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2019-20925

CVSS3: 7.5

ubuntu

около 5 лет назад

CVE-2019-20925

CVSS3: 7.5

nvd

около 5 лет назад

CVE-2019-20925

CVSS3: 7.5

debian

около 5 лет назад

An unauthenticated client can trigger denial of service by issuing spe ...

GHSA-q4wj-8854-jvxq

CVSS3: 7.5

github

больше 3 лет назад

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24.

EPSS

Процентиль: 64%

0.00478

Низкий

7.5 High

CVSS3