CVE-2013-2132

Published: Aug 15, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

Affected (18)

Products: Mongodb: Mongodb · Canonical: Ubuntu Linux · Opensuse: Opensuse

1 product

1 product

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Mongodb Mongodb	Up to 2.5.1
Mongodb Mongodb	Version 1.2.0
Mongodb Mongodb	Version 1.4.0
Mongodb Mongodb	Version 1.6.0
Mongodb Mongodb	Version 1.8.0
Mongodb Mongodb	Version 2.0.0
Mongodb Mongodb	Version 2.2.0
Mongodb Mongodb	Version 2.4.0
Mongodb Mongodb	Version 2.4.1
Mongodb Mongodb	Version 2.4.2
Mongodb Mongodb	Version 2.4.3
Mongodb Mongodb	Version 2.4.4
Mongodb Mongodb	Version 2.4.5
Mongodb Mongodb	Version 2.5.0

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 12.10
Canonical Ubuntu Linux	Version 13.04

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.3

References (18)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html

Source: secalert@redhat.com

http://seclists.org/oss-sec/2013/q2/447

Source: secalert@redhat.com

http://ubuntu.com/usn/usn-1897-1

Source: secalert@redhat.com

Vendor Advisory

http://www.debian.org/security/2013/dsa-2705

Source: secalert@redhat.com

http://www.osvdb.org/93804

Source: secalert@redhat.com

http://www.securityfocus.com/bid/60252

Source: secalert@redhat.com

https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2

Source: secalert@redhat.com

ExploitPatch

https://jira.mongodb.org/browse/PYTHON-532

Source: secalert@redhat.com

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/oss-sec/2013/q2/447

Source: af854a3a-2127-422b-91ae-364da2661108

http://ubuntu.com/usn/usn-1897-1

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.debian.org/security/2013/dsa-2705

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/93804

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/60252

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

https://jira.mongodb.org/browse/PYTHON-532

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.