CVE-2020-7923

MEDIUM

MongoDB <4.4.0-rc7, <4.2.8, <4.0.19 - DoS

Title source: llm

Description

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19.

References (1)

Core 1

Core References

Issue Tracking, Patch, Vendor Advisory x_refsource_misc

https://jira.mongodb.org/browse/SERVER-47773

Scores

CVSS v3 6.5

EPSS 0.0127

EPSS Percentile 66.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-755

Status published

Products (1)

mongodb/mongodb 4.0 - 4.0.19

Published Aug 21, 2020

Tracked Since Feb 18, 2026