{"id":"CVE-2020-7925","details":"Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.","aliases":["BIT-mongodb-2020-7925"],"modified":"2026-04-10T04:28:14.341537Z","published":"2020-11-23T15:15:11.543Z","references":[{"type":"REPORT","url":"https://jira.mongodb.org/browse/SERVER-49142"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"a4b751dcf51dd249c5865812b390cfd1c0129c30"},{"fixed":"06402114114ffc5146fd4b55402c96f1dc9ec4b5"},{"introduced":"0"},{"last_affected":"02869c7db07512f9492d00fcb7544e623fd21c84"},{"introduced":"0"},{"last_affected":"5218ee3e883b0230e121ae13a7640e0bc4a313ae"},{"introduced":"0"},{"last_affected":"f4273b8a9d14ed989477748cd46d51eaccf65140"},{"introduced":"0"},{"last_affected":"c8279c67d309858027cdb4d079ef9fd7122b1690"},{"introduced":"0"},{"last_affected":"201b8eb58920634b4519a8d3ea9b4c8c022b0875"},{"introduced":"0"},{"last_affected":"d2274bb6e1f8b21d73121a2fcb20b6628f652bbe"},{"introduced":"0"},{"last_affected":"bbdf0a11d1c61be0760a829e82799129beac7be0"},{"introduced":"0"},{"last_affected":"328c35e4b883540675fb4b626c53a08f74e43cf0"},{"introduced":"0"},{"last_affected":"b79b53f55a5c148fd297b81a45c08d08e2cf8f94"},{"introduced":"0"},{"last_affected":"ff99a2afe938bf7aec7e4bbfb0a922d7f70d6712"},{"introduced":"0"},{"last_affected":"bea79f76addfe4b754c8696db029c5b3c762041c"}],"database_specific":{"versions":[{"introduced":"4.2.0"},{"fixed":"4.2.9"},{"introduced":"0"},{"last_affected":"4.4.0-rc1"},{"introduced":"0"},{"last_affected":"4.4.0-rc10"},{"introduced":"0"},{"last_affected":"4.4.0-rc11"},{"introduced":"0"},{"last_affected":"4.4.0-rc2"},{"introduced":"0"},{"last_affected":"4.4.0-rc3"},{"introduced":"0"},{"last_affected":"4.4.0-rc4"},{"introduced":"0"},{"last_affected":"4.4.0-rc5"},{"introduced":"0"},{"last_affected":"4.4.0-rc6"},{"introduced":"0"},{"last_affected":"4.4.0-rc7"},{"introduced":"0"},{"last_affected":"4.4.0-rc8"},{"introduced":"0"},{"last_affected":"4.4.0-rc9"}]}}],"versions":["0.9.1","1.7-cut","r0.0.3","r0.0.4_rc1","r0.0.6_rc1","r0.0.7_rc1","r0.0.7_rc2","r0.0.7_rc3","r0.0.7_rc4","r0.0.9_rc1","r0.1.0_rc1","r0.1.2_rc1","r0.1.3_rc1","r0.1.4_rc1","r0.1.5_rc1","r0.1.6_rc1","r0.2.1","r0.9.1","r0.9.10","r0.9.5","r0.9.6","r0.9.8","r0.9.9","r1.1.1","r1.1.3","r1.3.0","r1.3.4","r1.5.0","r1.5.1","r1.5.2","r1.5.5","r1.5.6","r1.7.5","r1.7.6","r1.8.0-rc0","r2.1.1","r2.1.2","r2.2.0-rc0","r2.3.1","r2.3.2","r2.4.0-rc0","r2.4.0-rc1","r2.4.0-rc2","r2.4.0.rc1","r2.5.1","r2.5.2","r2.5.3","r2.5.4","r2.5.5","r2.6.0-rc0","r2.6.0-rc1","r2.7.0","r2.7.1","r2.7.2","r2.7.3","r2.7.4","r2.7.5","r2.7.6","r2.7.7","r2.7.8","r2.8.0-rc0","r2.8.0-rc1","r2.8.0-rc2","r2.8.0-rc3","r2.8.0-rc4","r2.8.0-rc5","r3.1.0","r3.1.1","r3.1.2","r3.1.3","r3.1.4","r3.1.5","r3.1.6","r3.1.7","r3.1.8","r3.1.9","r3.2.0","r3.2.0-rc0","r3.2.0-rc1","r3.2.0-rc2","r3.2.0-rc3","r3.2.0-rc4","r3.2.0-rc5","r3.2.0-rc6","r3.3.0","r3.3.1","r3.3.10","r3.3.11","r3.3.12","r3.3.13","r3.3.14","r3.3.15","r3.3.2","r3.3.3","r3.3.4","r3.3.5","r3.3.6","r3.3.7","r3.3.8","r3.3.9","r3.4.0-rc0","r3.4.0-rc1","r3.4.0-rc2","r3.4.0-rc3","r3.5.0","r3.5.1","r3.5.10","r3.5.11","r3.5.12","r3.5.13","r3.5.2","r3.5.3","r3.5.4","r3.5.5","r3.5.6","r3.5.7","r3.5.8","r3.5.9","r3.6.0-rc0","r3.6.0-rc1","r3.6.0-rc2","r3.6.0-rc3","r3.6.0-rc4","r3.7.0","r3.7.1","r3.7.2","r3.7.3","r3.7.4","r3.7.5","r3.7.6","r3.7.7","r3.7.8","r3.7.9","r4.0.0-rc0","r4.1.0","r4.1.1","r4.1.10","r4.1.11","r4.1.12","r4.1.13","r4.1.2","r4.1.3","r4.1.4","r4.1.5","r4.1.6","r4.1.7","r4.1.8","r4.1.9","r4.2.0","r4.2.1","r4.2.1-rc0","r4.2.2","r4.2.2-rc0","r4.2.2-rc1","r4.2.3","r4.2.3-rc0","r4.2.3-rc1","r4.2.4","r4.2.4-rc0","r4.2.5","r4.2.5-rc0","r4.2.5-rc1","r4.2.6","r4.2.6-rc0","r4.2.7","r4.2.7-rc0","r4.2.7-rc1","r4.2.8","r4.2.8-rc0","r4.3.0","r4.3.1","r4.3.2","r4.3.3","r4.3.4","r4.3.5","r4.3.6","r4.4.0-rc0","r4.4.0-rc1","r4.4.0-rc10","r4.4.0-rc11","r4.4.0-rc2","r4.4.0-rc3","r4.4.0-rc4","r4.4.0-rc5","r4.4.0-rc6","r4.4.0-rc7","r4.4.0-rc8","r4.4.0-rc9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7925.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}