CVE-2013-2132

Published: 15/08/2013 Updated: 13/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

bson/_cbsonmodule.c in the mongo-python-driver (aka pymongo) prior to 2.5.2, as used in MongoDB, allows context-dependent malicious users to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

Vulnerable Product

mongodb mongodb 1.8.0

mongodb mongodb 2.0.0

mongodb mongodb 2.4.2

mongodb mongodb

mongodb mongodb 1.2.0

mongodb mongodb 2.4.5

mongodb mongodb 2.2.0

mongodb mongodb 1.4.0

mongodb mongodb 2.4.0

mongodb mongodb 2.4.3

mongodb mongodb 1.6.0

mongodb mongodb 2.5.0

mongodb mongodb 2.4.4

mongodb mongodb 2.4.1

canonical ubuntu linux 13.04

canonical ubuntu linux 12.10

canonical ubuntu linux 12.04

opensuse opensuse 12.3

Vendor Advisories

Synopsis Important: mongodb and pymongo security and enhancement update Type/Severity Security Advisory: Important Topic Updated mongodb and pymongo packages that fix two security issues and add one enhancement are now available for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 6. The Red Hat Securit ...
PyMongo could be made to crash under certain conditions ...
Debian Bug report logs - #710597 pymongo: CVE-2013-2132: null pointer when decoding invalid DBRef Package: pymongo; Maintainer for pymongo is Federico Ceratto <federico@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 1 Jun 2013 08:57:01 UTC Severity: grave Tags: patch, security, upstrea ...
Debian Bug report logs - #715007 mongodb: CVE-2013-4650 Package: mongodb; Maintainer for mongodb is Debian MongoDB Maintainers <team+mongodb@tracker.debian.org>; Source for mongodb is src:mongodb (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Fri, 5 Jul 2013 12:06:02 UTC Severity: grav ...
Jibbers McGee discovered that PyMongo, a high-performance schema-free document-oriented data store, is prone to a denial-of-service vulnerability. An attacker can remotely trigger a NULL pointer dereference causing MongoDB to crash. The oldstable distribution (squeeze) is not affected by this issue. For the stable distribution (wheezy), this proble ...
bson/_cbsonmodule.c in the mongo-python-driver (aka pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef" ...