{"id":"CVE-2019-20925","details":"An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24.","modified":"2026-04-11T09:40:07.071273Z","published":"2020-11-24T11:15:10.607Z","references":[{"type":"FIX","url":"https://jira.mongodb.org/browse/SERVER-43751"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"f4240c60f005be757399042dc12f6addbc3170c1"},{"fixed":"865b4f6a96d0f5425e39a18337105f33e8db504d"},{"introduced":"a57d8e71e6998a2d0afde7edc11bd23e5661c915"},{"fixed":"18934fb5c814e87895c5e38ae1515dd6cb4c00f7"},{"introduced":"3b07af3d4f471ae89e8186d33bbb1d5259597d51"},{"fixed":"bda366f0b0e432ca143bc41da54d8732bd8d03c0"},{"introduced":"a4b751dcf51dd249c5865812b390cfd1c0129c30"},{"fixed":"edf6d45851c0b9ee15548f0f847df141764a317e"}],"database_specific":{"versions":[{"introduced":"3.4.0"},{"fixed":"3.4.24"},{"introduced":"3.6.0"},{"fixed":"3.6.15"},{"introduced":"4.0.0"},{"fixed":"4.0.13"},{"introduced":"4.2.0"},{"fixed":"4.2.1"}]}}],"versions":["r3.4.0","r3.4.1","r3.4.1-rc0","r3.4.10","r3.4.10-rc0","r3.4.11","r3.4.11-rc0","r3.4.12","r3.4.12-rc0","r3.4.13","r3.4.14","r3.4.14-rc0","r3.4.15","r3.4.15-rc0","r3.4.16","r3.4.16-rc0","r3.4.17","r3.4.17-rc0","r3.4.18","r3.4.18-rc0","r3.4.19","r3.4.19-rc0","r3.4.2","r3.4.2-rc0","r3.4.20","r3.4.20-rc0","r3.4.21","r3.4.21-rc0","r3.4.22","r3.4.22-rc0","r3.4.23","r3.4.23-rc0","r3.4.3","r3.4.3-rc0","r3.4.3-rc1","r3.4.3-rc2","r3.4.4","r3.4.4-rc0","r3.4.5","r3.4.5-rc0","r3.4.5-rc1","r3.4.5-rc2","r3.4.5-rc3","r3.4.5-rc4","r3.4.6","r3.4.6-rc0","r3.4.7","r3.4.7-rc0","r3.4.8","r3.4.8-rc0","r3.4.8-rc1","r3.4.9","r3.4.9-rc0","r3.6.0","r3.6.1","r3.6.1-rc0","r3.6.1-rc1","r3.6.10","r3.6.10-rc0","r3.6.10-rc1","r3.6.11","r3.6.11-rc0","r3.6.11-rc1","r3.6.11-rc2","r3.6.12","r3.6.12-rc0","r3.6.12-rc1","r3.6.13","r3.6.13-rc0","r3.6.13-rc1","r3.6.14","r3.6.14-rc0","r3.6.15-rc0","r3.6.2","r3.6.2-rc0","r3.6.3","r3.6.3-rc0","r3.6.3-rc1","r3.6.4","r3.6.4-rc0","r3.6.5","r3.6.5-rc0","r3.6.6","r3.6.6-rc0","r3.6.7","r3.6.7-rc0","r3.6.7-rc1","r3.6.8","r3.6.8-rc0","r3.6.8-rc1","r3.6.9","r3.6.9-rc0","r4.0.0","r4.0.1","r4.0.1-rc0","r4.0.1-rc1","r4.0.10","r4.0.10-rc0","r4.0.10-rc1","r4.0.11","r4.0.11-rc0","r4.0.12","r4.0.12-rc0","r4.0.12-rc1","r4.0.12-rc2","r4.0.2","r4.0.2-rc0","r4.0.3","r4.0.3-rc0","r4.0.4","r4.0.4-rc0","r4.0.4-rc1","r4.0.4-rc2","r4.0.5","r4.0.5-rc0","r4.0.5-rc1","r4.0.6","r4.0.6-rc0","r4.0.6-rc1","r4.0.7","r4.0.7-rc0","r4.0.7-rc1","r4.0.8","r4.0.8-rc0","r4.0.9","r4.0.9-rc0","r4.2.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T09:40:07Z","vanir_signatures":[{"digest":{"function_hash":"88563506863816348792643253774850303631","length":419},"id":"CVE-2019-20925-08246d3d","signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"function":"createDecision","file":"src/mongo/db/query/plan_cache_test.cpp"}},{"digest":{"line_hashes":["145833193300829263815093619959792834653","141739842506030978420878266574201712259","5681300193421897265086609985336107031","23416780235187990765505941924242709963","211705289661276033185843944881892927039","77808117690666284459495385863840664504","141168227490049791543992584022170690141","94060295540232980400926337884612554637","269297509677511966288513532372015023282","199860750480018486150413706836853110584","320365769426476077228253572386017560091","332377467389842273791969416302457809597","324260954254317626999853672749382168036","329187142991194498215134351312150655672","153078981936364899798397891163369588526","65206942476627238094314939164877119391","83119420507919061632204831738073342421","137448103322541178119670836469431187635","188120379965028284353228656510535869971","73436373777843855015152398060668245936","193424558653448467926969511645414956396","298276017512682506485936427166627443649","221751383767959798166178131042906691329","214182087911167633230344747906651605272","302443318453155864418349517916062799501","266997465440179867633614801883805934652","282801011813592635978649869152663786278","231130651689918517080833995134616261601","64769007443646039009523180661478607600","150703742781495472228286500158978231672","255577578368451266404971000841499456397","214649768298755221500484691331604846227","27226942538547529939724359251966810749","90360872675656022193879786860450890837","100699218559626228471787421748658664166","152343914670772037564159128848596858690","222116126496161775642735301976472125168","337252612777610040330661034746672975035","244368415144440114048180698015267459392","157266754341603037656381231399749683524","104908562456719235440400812687677428242","190406408884986388649598417681595744226","213572341159520215195964398577141157757","150419959689464911722317266083483761719","50924221032119253761217754196106200019","156026232251455441984259571094414910052","6239547537621206502250781328756895724","36186400991449487921801058563831387560","63607599073012446706853916721396981394","7214359378485337098212345384306669373","312767525809281912389342221453216011802","48288399505403509327031566821087807486","157999237813538965981128784152943948066","122004647762023355786180830689927190338","251003937443480560097220179415601565515","201863995711955423992227119062582688609","299090813456499078462375012843168492372","142301461951540820395340062479564523057","173790115013110398852391416183385556755","315487389079350505053307760089914749078","227459380298636896374343762913622057503","105313141152578197277037203116064890708","31021545537355242104989504771008635405","162688650111438913020676705486366776253","151438442096016601206628657654445830658","331891929972483694307592583712782047388","251338426858050695300151572243660196148","193855559640097217533518585940928903387","223913180821602074717555283966762650589","4111910200292057643463723881128734054","337204282209949056771828557372077492346","60669225973627388672931491195638932749","212542566082685789464508009878078840924","202837023525755061336566789851293040132","38281872433598216154383784305180237033","76020752592094568047671388034074600107","282052303136209656522425812694653811939","185788780386003290913492578291905386238","178430925467300807373291569125128946820","13198060061679590127824426925249884182","79416738790317095639970344161536014011","53941753446956421338423603954120854702","178046328067169235121480583234288444818","202892516322963103888849281390300237038","65654237593940506743814959711678412762","269148911168536935736877298913424445382","319192385627332761654657857167860957819","298153012794924784608783642962051871366","169982189089493699133415501805424610268","295848451427055510952605871564851773345","223296113860959134461794572334190130369","1635786830503105852478961451304642479","117837465799885310138542400542261724547","122687461275626412862520631486277525980","5720227533842685084109874904151520207","48617181057642700584997890145628382434","228781692944016247257135114730679244429","233488793285402974142860406548669263685","260499099689992885474023894635322818593","125224580294262001181599841834431802105"],"threshold":0.9},"id":"CVE-2019-20925-098af417","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"file":"src/mongo/db/exec/plan_stats.h"}},{"digest":{"function_hash":"281573653006956660351219059121017535487","length":211},"id":"CVE-2019-20925-0d3b17ca","signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"function":"TEST","file":"src/mongo/db/query/plan_cache_test.cpp"}},{"digest":{"function_hash":"96339803005142482024609499176296968739","length":909},"id":"CVE-2019-20925-196effe2","signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"function":"PlanCacheEntry::clone","file":"src/mongo/db/query/plan_cache.cpp"}},{"digest":{"function_hash":"153583316034701016863450158236203629789","length":329},"id":"CVE-2019-20925-212a89a8","signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"function":"PlanCacheEntry::PlanCacheEntry","file":"src/mongo/db/query/plan_cache.cpp"}},{"digest":{"function_hash":"88563506863816348792643253774850303631","length":419},"id":"CVE-2019-20925-3a054fda","signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"function":"createDecision","file":"src/mongo/db/commands/plan_cache_commands_test.cpp"}},{"digest":{"function_hash":"255042739183622024609276430967469055849","length":101},"id":"CVE-2019-20925-415e290f","signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"function":"canonicalize","file":"src/mongo/db/query/plan_cache_test.cpp"}},{"digest":{"line_hashes":["311585229928804332312393139368756626672","237427019080307473610045857819326403921","251489696431343076712366307077113973218","206129290887525359637240125015154964078"],"threshold":0.9},"id":"CVE-2019-20925-42537940","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/18934fb5c814e87895c5e38ae1515dd6cb4c00f7","deprecated":false,"target":{"file":"src/mongo/db/repl/oplog_interface_local.cpp"}},{"digest":{"line_hashes":["161807885964484618848167898115166634241","52945627923057985093954999467085024589","293825805400401079586138251683839610666","28163186767903627238756037441164508092"],"threshold":0.9},"id":"CVE-2019-20925-50df7a86","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"file":"src/mongo/db/exec/multi_plan.cpp"}},{"digest":{"line_hashes":["61136972908346630356053302830320663846","118118881879348310099025935699188131016","223186108421483514039578429391916184004","288129797203832909697836491910761318289","159599776437664234900844614031349816087","340024205023684052831059486290023249278","149667923827913233483799948751738394204"],"threshold":0.9},"id":"CVE-2019-20925-74957a29","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"file":"src/mongo/db/query/index_entry.h"}},{"digest":{"line_hashes":["116851727111516028974872059289684806254","42711407876439640114293562408505205855","321991082520651418879316524181986714800","199802583264245736728847592921189614568","164379646222252365382379823182625837546","300195039204037872950463249337269264341","251405029831526126388287183259586085469","145074268017090526804049390074913278111","339975797672208327457060657623026940120","63172199177124714613769634379079558331","118652653445016896527906913906221490457","98658200214386770096432972469309862322","258982985415662116319468674203533274657","146598233424791817653410584443373662886","149944842067346389017302328080986341812","40101543557772334580067996593009354448","127670423397753752106611892314955322368","198663082518012047229732362321115250964","50691208491066796313864547505203885270","90519045643153060195491742857102681673","213444256424670924186388147713864149837","114753393606446169922480977228392827595","253616554526802876770333764307268288494","229091997692385535872926239016478500606","292038722422219098116962597077480820010","222975745991603132454288720835422101983","235371523510176306239816164015139339715","140124482121170218016797412139455308043","27082542225579915724555939543284768701","258650441370437109223985149394539286178","110858850231790472264008407983703504618","2914296967295440314543192773808528406","237551758248653892466365281274862779769","160439523369995764722476777274166629006","117049679541985378994713167356262214817","108310973480771845548981967959765821251","230089782274251844774084366999644730258","220434879488968505360250507718839689191","185910892094750447449208407520131553352","127365293306414651232014693172128092169","1572218855521616598163792267797526848","285206603658449680949018769423627073101","262592301463513328521078710904060751928"],"threshold":0.9},"id":"CVE-2019-20925-7c57c333","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"file":"src/mongo/db/query/plan_cache.h"}},{"digest":{"line_hashes":["283041394425018828130033026014458172242","95970503528789982307740250033831802464","98559803154705774198910405130626624273","149525315284717934011148571757481261074","301535103557386094238978142653256711508","284320164457712380223151937383061168343","12945018401890898251004914077697727530","394106568302872597209669320374270819"],"threshold":0.9},"id":"CVE-2019-20925-9e5fc381","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"file":"src/mongo/db/commands/index_filter_commands_test.cpp"}},{"digest":{"line_hashes":["211302095009051770589606065100336730418","37647521103495863831766169056725434315","133558192893633628176295522096966182758","277726379253350331419294494358899467120","146844617137585812816994114542368402608","172978721909247082862271797707327737714","49112849793231729917905176277566117798","223532705528345771597965131164793453026","149525315284717934011148571757481261074","301535103557386094238978142653256711508","284320164457712380223151937383061168343","325202620221581004161356848582662237715","206074990617937065540786479664388572534","198576383241804326081103396171426638156","140873262182335553714627202839043930665","281547927142910523243562616093678312477","47877034763584936091406314226349832316","258345227171418854458314635535286479822","101562590714320763316646377367555726365","116491338089765079257873569247999912535","133177863762206711265305611137272003826","69030024504160018204579196714429388762","23527502418717790372612661088322562746","180832726578022905401497612338620424982","7241458183680099512972386381036939425","127887890499272517768797980141312173505"],"threshold":0.9},"id":"CVE-2019-20925-a00c0077","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"file":"src/mongo/db/query/plan_cache_test.cpp"}},{"digest":{"line_hashes":["13441176491233147597845456803287192973","312209466225013381123918367944637317199","178374740945297750079199610484570283663","230492122056683860505669196925611140416","67230194741008992262299500381835428754","263245515678068258244039993047743575648","139005006502295311774836989501301485245","299039830766612424166970516543065917649","101297979159159596794190459519635347289","30905162255152128009465637615039254408"],"threshold":0.9},"id":"CVE-2019-20925-a9c297d2","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"file":"src/mongo/db/commands/plan_cache_commands.cpp"}},{"digest":{"function_hash":"17090375825135569888461415007555292587","length":403},"id":"CVE-2019-20925-b04d8194","signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/18934fb5c814e87895c5e38ae1515dd6cb4c00f7","deprecated":false,"target":{"function":"OplogIteratorLocal::next","file":"src/mongo/db/repl/oplog_interface_local.cpp"}},{"digest":{"line_hashes":["130908057754182996313471707325915273664","272153106280567894291216396660650063226","153755746877685796931534844298685081245","287982285162932353674091237751853986198","310463202953437858183583329754178450071","258839408762662344935875637793534612495","165035663043994554612747910086997471810","295596578961039225628600790074497553570","74979550564345330180606063944733916340","21464256637394972309671656912727685801","52591981046282157042044375060870796317","224708145254996415168485992844033626432","298499532380394599525487646281194072566","106421778497104557229907105095479101930","259481828467109254006079298420784628549","48279643257288653478225222689742525458","85402091642217969597400501629223805565","130728056868795560075927947706689752509","281851839345870323073039245724524307571","309439505823299154511622613911245569952","247096274669175455768582015213283176563","118606824449976893437575492123327999088","338149397740712948776368038254503149514","141466706582722848606948461593635869908","296473872922584472643179057245185774730","50456558965072165972058905395159831279","254332344062055189891701584332101706522","128718839806229748091954164692136872999","138396152687421325967309351810601420426","324419023848442439805929656002863152002","281430854265201913291275370220334346344","68238237470471346122659566515997860769","79234474342778838555823634492007994373","208572525474827917292472507353126599239","335921199841825488490018444660412881610","181577417091352927104524635812656040198","202872061048653701816359475728528679824","13224821402916220418960554192085583619","182627151346502274358503329553948506207","309608896433803921189772350329031312772","140316697345921836166754144929715553584","37961470043273272003669537217991945125","85957361108903450629163966663069561363","93243419463184799176121789158536770247","218823744909164913237791547540346800693","340204852402341953523210395799305723130","54805694216881382575579288502104768730","136907707641828755734011152565765078844","300060896618318081768254239210271103852","286059001965743399344529834667635694793","184971624448656445795822565712951478567","33433146716403531098398558303232617596","174705599298289420012406716817619713165","303968488929885857776584547802454173790","238545447395425107210351297799931698443","176530278783970525259336485614031079558","186860650447932792579519440493967921344","180213801509305584436514970844977636031","153708083742413693703969163025808960850","234744561000009072745064560675818608247","229802695756935644038676199041330183619","29552345137273259527454006781644161390","53940938621371961053048848846262652872","266388156895204474900957405336937903155","320060460291191515508447708315293778980","57815643529319702649966826554255900382","289702538593845158503932055886850414863","99654364594669246767113843556220434359","129693891651556046777074499562908601997","42577923193771095162409117555947085455","46005848347673364147014361899319514518"],"threshold":0.9},"id":"CVE-2019-20925-c4e612ff","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"file":"src/mongo/db/query/plan_cache.cpp"}},{"digest":{"function_hash":"88563506863816348792643253774850303631","length":419},"id":"CVE-2019-20925-d8ba56d0","signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"function":"createDecision","file":"src/mongo/db/commands/index_filter_commands_test.cpp"}},{"digest":{"function_hash":"127452237706471859205172430421741646350","length":1896},"id":"CVE-2019-20925-e0521fe2","signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"function":"PlanCacheListPlans::list","file":"src/mongo/db/commands/plan_cache_commands.cpp"}},{"digest":{"line_hashes":["131240798263951054232521178069713357140","206243575198187016949452983288136570465","98559803154705774198910405130626624273","149525315284717934011148571757481261074","301535103557386094238978142653256711508","284320164457712380223151937383061168343","261152734257530849844896512908452199294","85592425779210166657894788748559326837"],"threshold":0.9},"id":"CVE-2019-20925-e78959e0","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"file":"src/mongo/db/commands/plan_cache_commands_test.cpp"}},{"digest":{"function_hash":"309933753817895569709235968978638794444","length":1524},"id":"CVE-2019-20925-e96ffd7b","signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"function":"PlanCache::add","file":"src/mongo/db/query/plan_cache.cpp"}},{"digest":{"line_hashes":["24474191029971657838921704748693324504","288902090480411370352617486304842213292","176639449819184218916303002698399628565","114836373634831152329317867749603422423","194135929019982592017115246562158893069","262949178016447584901263800427297833311","238917462413599468801643332866164257166","147084766856232262431293206586811959820","75086184153747898894366859830564552297","308320802676020364568481275910652649869","52653189114466828956438369645435806013","18988974665100051416307784541638588976","126518598600074447793330407461023480200","228847166567427483777889525591074711935","20612724837979223268130547653193195242","271057224073107781696479282142179926938","230650531645175464643449849608134009818","305737874825020276506350966453450712453","242299520581957646309794460209511660052"],"threshold":0.9},"id":"CVE-2019-20925-eeb533cf","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"file":"src/mongo/db/field_ref.h"}},{"digest":{"function_hash":"258982585359235048495457382327767671997","length":3352},"id":"CVE-2019-20925-f06e0c75","signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"function":"MultiPlanStage::pickBestPlan","file":"src/mongo/db/exec/multi_plan.cpp"}},{"digest":{"function_hash":"249511984474601012040839624409888368530","length":225},"id":"CVE-2019-20925-fb594bbb","signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"function":"PlanCacheEntry::~PlanCacheEntry","file":"src/mongo/db/query/plan_cache.cpp"}},{"digest":{"line_hashes":["110006282607853729738802995625059149112","95222080390449587061900234268646660959","200855764932668043733136759288948248805","236061836345371249535211003821934679146","62715032453323606101403034412714912861","307859267414587615512133994925328149329","44000957497009808472431916542978192194"],"threshold":0.9},"id":"CVE-2019-20925-ff520f1a","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/bda366f0b0e432ca143bc41da54d8732bd8d03c0","deprecated":false,"target":{"file":"src/mongo/db/query/plan_ranker.h"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20925.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}