CVE-2019-20925

Опубликовано: 24 нояб. 2020

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5

CVSS3: 7.5

Описание

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24.

Релиз	Статус	Примечание
bionic	released	1:3.6.3-0ubuntu1.4
devel	DNE
esm-apps/bionic	released	1:3.6.3-0ubuntu1.4
esm-apps/focal	released	1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3
esm-apps/xenial	not-affected	code not present
esm-infra-legacy/trusty	not-affected	code not present
focal	released	1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3
groovy	DNE
hirsute	DNE
impish	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 64%

0.00478

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2019-20925

CVSS3: 7.5

redhat

больше 6 лет назад

CVE-2019-20925

CVSS3: 7.5

nvd

около 5 лет назад

CVE-2019-20925

CVSS3: 7.5

debian

около 5 лет назад

An unauthenticated client can trigger denial of service by issuing spe ...

GHSA-q4wj-8854-jvxq

CVSS3: 7.5

github

больше 3 лет назад

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24.

EPSS

Процентиль: 64%

0.00478

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2019-20925

Описание

Пакет mongodb

Ссылки на источники

Связанные уязвимости