6.4

CVE-2012-6619

Exploit
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MongodbMongodb Version <= 2.3.1
MongodbMongodb Version1.2.0
MongodbMongodb Version1.4.0
MongodbMongodb Version1.6.0
MongodbMongodb Version1.8.0
MongodbMongodb Version2.0.0
MongodbMongodb Version2.0.1
MongodbMongodb Version2.0.2
MongodbMongodb Version2.0.3
MongodbMongodb Version2.0.4
MongodbMongodb Version2.0.5
MongodbMongodb Version2.0.6
MongodbMongodb Version2.0.7
MongodbMongodb Version2.0.8
MongodbMongodb Version2.2.0
MongodbMongodb Version2.2.1
MongodbMongodb Version2.2.2
MongodbMongodb Version2.2.3
MongodbMongodb Version2.2.4
MongodbMongodb Version2.2.5
MongodbMongodb Version2.2.6
MongodbMongodb Version2.2.7
MongodbMongodb Version2.3.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.22% 0.839
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.