1. CVE-Search
  2. CVE-2013-2132
ID CVE-2013-2132
Summary bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."
References
Vulnerable Configurations
  • cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:-:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:0.0.1:internal_preview0:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.0.1:internal_preview0:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.0.1:internal_preview1:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.0.1:internal_preview1:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.1.0:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.1.0:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.1.1:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.1.1:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.2.0:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.2.0:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.2.1:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.2.1:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.3.0:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.3.0:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.4.0:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.4.0:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.4.1:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.4.1:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.4.2:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.4.2:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.5.0:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.5.0:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.6.0:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.6.0:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.6.1:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.6.1:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.6.2:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.6.2:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.6.3:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.6.3:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.6.4:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.6.4:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.6.5:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.6.5:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.6.6:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.6.6:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.6.7:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.6.7:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.6.8:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.6.8:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.6.9:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.6.9:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.6.10:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.6.10:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.6.11:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.6.11:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.6.12:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.6.12:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.6.13:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.6.13:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.6.14:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.6.14:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.7.0:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.7.0:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:0.8.0:*:*:*:*:visual_studio_code:*:*
    cpe:2.3:a:mongodb:mongodb:0.8.0:*:*:*:*:visual_studio_code:*:*
  • cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.4.13:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.4.14:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mongodb:mongodb:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 13-02-2023 - 04:42)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
rpms
  • mongodb-0:1.6.4-6.el6
  • mongodb-debuginfo-0:1.6.4-6.el6
  • mongodb-server-0:1.6.4-6.el6
  • pymongo-0:1.9-11.el6
  • pymongo-debuginfo-0:1.9-11.el6
  • python-bson-0:1.9-11.el6
refmap via4
bid 60252
debian DSA-2705
misc
mlist [oss-security] 20130531 Re: CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery
osvdb 93804
suse openSUSE-SU-2013:1064
ubuntu USN-1897-1
Last major update 13-02-2023 - 04:42
Published 15-08-2013 - 17:55
Last modified 13-02-2023 - 04:42
Back to Top