Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-2132

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

Published

2013-08-15T17:55:24.500

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mongodb	mongodb	≤ 2.5.1	Yes
Application	mongodb	mongodb	1.2.0	Yes
Application	mongodb	mongodb	1.4.0	Yes
Application	mongodb	mongodb	1.6.0	Yes
Application	mongodb	mongodb	1.8.0	Yes
Application	mongodb	mongodb	2.0.0	Yes
Application	mongodb	mongodb	2.2.0	Yes
Application	mongodb	mongodb	2.4.0	Yes
Application	mongodb	mongodb	2.4.1	Yes
Application	mongodb	mongodb	2.4.2	Yes
Application	mongodb	mongodb	2.4.3	Yes
Application	mongodb	mongodb	2.4.4	Yes
Application	mongodb	mongodb	2.4.5	Yes
Application	mongodb	mongodb	2.5.0	Yes
Operating System	canonical	ubuntu_linux	12.04	Yes
Operating System	canonical	ubuntu_linux	12.10	Yes
Operating System	canonical	ubuntu_linux	13.04	Yes
Operating System	opensuse	opensuse	12.3	Yes

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597 ([email protected])
http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html ([email protected])
http://seclists.org/oss-sec/2013/q2/447 ([email protected])
http://ubuntu.com/usn/usn-1897-1 Vendor Advisory ([email protected])
http://www.debian.org/security/2013/dsa-2705 ([email protected])
http://www.osvdb.org/93804 ([email protected])
http://www.securityfocus.com/bid/60252 ([email protected])
https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2 Exploit, Patch ([email protected])
https://jira.mongodb.org/browse/PYTHON-532 ([email protected])
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/oss-sec/2013/q2/447 (af854a3a-2127-422b-91ae-364da2661108)
http://ubuntu.com/usn/usn-1897-1 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2013/dsa-2705 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/93804 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/60252 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://jira.mongodb.org/browse/PYTHON-532 (af854a3a-2127-422b-91ae-364da2661108)