4.3

CVE-2013-2132

Exploit
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MongoDBMongoDB Version <= 2.5.1
MongoDBMongoDB Version1.2.0
MongoDBMongoDB Version1.4.0
MongoDBMongoDB Version1.6.0
MongoDBMongoDB Version1.8.0
MongoDBMongoDB Version2.0.0
MongoDBMongoDB Version2.2.0
MongoDBMongoDB Version2.4.0
MongoDBMongoDB Version2.4.1
MongoDBMongoDB Version2.4.2
MongoDBMongoDB Version2.4.3
MongoDBMongoDB Version2.4.4
MongoDBMongoDB Version2.4.5
MongoDBMongoDB Version2.5.0
CanonicalUbuntu Linux Version12.04 Update- Editionlts
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.04
OpensuseOpensuse Version12.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.63% 0.836
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597
http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html
http://seclists.org/oss-sec/2013/q2/447
http://ubuntu.com/usn/usn-1897-1
Vendor Advisory
http://www.debian.org/security/2013/dsa-2705
http://www.osvdb.org/93804
http://www.securityfocus.com/bid/60252
https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2
Patch
Exploit
https://jira.mongodb.org/browse/PYTHON-532