CVE-2020-7926

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-7926

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7926.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-7926

Aliases

BIT-mongodb-2020-7926

Published

2020-11-23T15:15:11.667Z

Modified

2025-11-14T11:10:54.325989Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoDB Server v4.4 versions prior to 4.4.1. Versions before 4.4 are not affected.

References

https://jira.mongodb.org/browse/SERVER-50170

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type: GIT
Repo: https://github.com/mongodb/mongo
Events: Introduced

563487e100c4215e2dce98d0af2a6a5a2d67c5cf

Fixed

ad91a93a5a31e175f5cbf8c69561e788bbc55ce1

Affected versions

r4.*

r4.4.0

r4.4.1-rc0

r4.4.1-rc1

r4.4.1-rc2

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/mongodb/mongo/commit/ad91a93a5a31e175f5cbf8c69561e788bbc55ce1",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "151262211054760185720127152001316281250",
            "length": 5307.0
        },
        "target": {
            "function": "__wt_txn_recover",
            "file": "src/third_party/wiredtiger/src/txn/txn_recover.c"
        },
        "id": "CVE-2020-7926-2d37e6c3",
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/ad91a93a5a31e175f5cbf8c69561e788bbc55ce1",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "222802404687574253373945116552049107396",
            "length": 595.0
        },
        "target": {
            "function": "__recovery_file_scan",
            "file": "src/third_party/wiredtiger/src/txn/txn_recover.c"
        },
        "id": "CVE-2020-7926-6ed27bda",
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/ad91a93a5a31e175f5cbf8c69561e788bbc55ce1",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "277395883631913544235843059429904341778",
                "190131020086289323787365361718434822041",
                "156593639150803104870368656550091158247",
                "254599983326529039473066318940603712053",
                "246215242810397006687658517823238030194",
                "30585347245087757459584332338861806407",
                "161438447538539267520882034343628408421",
                "313471203792529671136136365005831013652",
                "123414515668546916026728107986940604788",
                "154943114112322522419481562731002026669",
                "36833237464877143329818463633626119100",
                "89153525433556070057976587890049189048"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/third_party/wiredtiger/src/txn/txn_recover.c"
        },
        "id": "CVE-2020-7926-98d23718",
        "signature_type": "Line"
    }
]