Improper Neutralization of Null Byte or NUL Character

CVE-2020-7928

Medium

6.5/10

Summary

A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior to 4.2.9; MongoDB Server v4.0 versions prior to 4.0.20 and MongoDB Server v3.6 versions prior to 3.6.20.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-158 - Improper Neutralization of Null Byte or NUL Character

The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.

References

Advisory Timeline

Published Nov 23, 2020

Improper Neutralization of Null Byte or NUL Character

CVE-2020-7928

Summary

CWE-158 - Improper Neutralization of Null Byte or NUL Character

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS