Security Advisory

CVE-2019-20925

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-11-24 11:00:16

Last updated 2024-09-16 23:45:46

Assigner mongodb

State PUBLISHED

Description

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24.

← Browse all CVEs View on cve.org ↗