
CVE-2013-2132

Published: 15/08/2013 Updated: 30/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) prior to 2.5.2, as used in MongoDB, allows context-dependent malicious users to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

Vulnerable Products

mongodb mongodb 1.2.0

mongodb mongodb 1.4.0

mongodb mongodb 1.6.0

mongodb mongodb 1.8.0

mongodb mongodb 2.0.0

mongodb mongodb 2.2.0

mongodb mongodb 2.4.0

mongodb mongodb 2.4.1

mongodb mongodb 2.4.2

mongodb mongodb 2.4.3

mongodb mongodb 2.4.4

mongodb mongodb 2.4.5

mongodb mongodb 2.5.0

mongodb mongodb

canonical ubuntu linux 12.04

canonical ubuntu linux 12.10

canonical ubuntu linux 13.04

opensuse opensuse 12.3

Vendor Advisories

Synopsis: Important: mongodb and pymongo security and enhancement update. Type/Severity: Security Advisory: Important. Topic: Updated mongodb and pymongo packages that fix two security issues and add one enhancement are now available for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 6. The Red Hat Securit ...
Debian Bug report logs - #710597 pymongo: CVE-2013-2132: null pointer when decoding invalid DBRef. Package: pymongo; Maintainer for pymongo is Federico Ceratto <federico@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 1 Jun 2013 08:57:01 UTC; Severity: grave; Tags: patch, security, upstrea ...
PyMongo could be made to crash under certain conditions ...
Jibbers McGee discovered that PyMongo, a high-performance schema-free document-oriented data store, is prone to a denial-of-service vulnerability. An attacker can remotely trigger a NULL pointer dereference causing MongoDB to crash. The oldstable distribution (squeeze) is not affected by this issue. For the stable distribution (wheezy), this proble ...
Debian Bug report logs - #715007 mongodb: CVE-2013-4650. Package: mongodb; Maintainer for mongodb is Debian MongoDB Maintainers <team+mongodb@tracker.debian.org>; Source for mongodb is src:mongodb (PTS, buildd, popcon); Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Fri, 5 Jul 2013 12:06:02 UTC; Severity: grav ...
bson/_cbsonmodule.c in the mongo-python-driver (aka pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef" ...

Github Repositories

mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. Installing with pip: This is the recommended installation method in case you have python and pip: pip install mongoaudit. Alternative installer: Use this if and only if python and pip are not available on your platform: curl -s mongoaudit/

A powerful MongoDB auditing and pentesting tool
