PyPi: Pymongo

CVE-2013-2132

Safety vulnerability ID: 35429

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Aug 15, 2013 Updated at Dec 10, 2024

Advisory

Pymongo 2.5.2 includes a fix for CVE-2013-2132: null pointer when decoding invalid DBRef.
https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2

Affected package

pymongo

Latest version: 4.10.1

Python driver for MongoDB <http://www.mongodb.org>

Affected versions

Fixed versions

Vulnerability changelog

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."
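A defender's first question for an advisory like this is whether the pymongo in a given environment predates the 2.5.2 fix, and, since the defect sits in the compiled `bson/_cbsonmodule.c`, whether that C extension is actually in use. The following added example (not code from the Safety page or from the pymongo project) performs both checks: it compares a version string against the fixed version using a small self-contained parser, and it inspects the installed package via the standard library's `importlib.metadata`. The call to `bson.has_c()` is pymongo's own helper for reporting whether the C extension loaded; it is assumed to be available and is treated as unknown if the import or the call fails.

```python
"""Check a declared or installed pymongo version against the CVE-2013-2132 fix (2.5.2)."""
import re

# First release containing the fix, as stated in the advisory above.
FIXED_VERSION = "2.5.2"


def parse_version(version: str) -> tuple:
    """Turn '2.5.2', '2.5.2rc0' or '4.10.1' into a tuple that sorts correctly.

    Numeric release segments compare as integers; a missing third segment is
    treated as 0 (so '2.5' == '2.5.0'); a pre-release suffix (rc/a/b/dev) sorts
    before the final release of the same number.
    """
    m = re.match(r"^(\d+(?:\.\d+)*)(.*)$", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    release = release + (0,) * (3 - len(release))
    suffix = m.group(2)
    # A final release ranks above any pre-release carrying the same number.
    marker = (1,) if suffix == "" else (0, suffix)
    return release + marker


def is_affected(version: str) -> bool:
    """True if this pymongo version predates the CVE-2013-2132 fix."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def installed_pymongo_status() -> dict:
    """Report on the pymongo present in the current environment, if any.

    importlib.metadata reads the installed distribution's version without
    importing pymongo itself. Whether the compiled bson extension is loaded
    matters because the vulnerable code lived in bson/_cbsonmodule.c.
    """
    from importlib import metadata

    try:
        version = metadata.version("pymongo")
    except metadata.PackageNotFoundError:
        return {"installed": False}

    try:
        import bson  # pymongo's bundled bson package

        uses_c_extension = bool(bson.has_c())  # assumed helper; see lead-in
    except Exception:
        uses_c_extension = None  # unknown (no bson, or a different bson package)

    return {
        "installed": True,
        "version": version,
        "affected": is_affected(version),
        "c_extension": uses_c_extension,
    }


if __name__ == "__main__":
    # Constructed sample versions spanning the fix boundary.
    for sample in ("2.5.1", "2.5.2rc0", "2.5.2", "4.10.1"):
        print(f"pymongo {sample}: {'affected' if is_affected(sample) else 'fixed'}")
    print(installed_pymongo_status())
```

In an environment where pymongo is not installed, `installed_pymongo_status()` simply reports that, so the script is safe to drop into a CI job that audits dependency versions across many projects.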


MLIST: [oss-security] 20130531 Re: CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery, http://seclists.org/oss-sec/2013/q2/447
MISC: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597
MISC: https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2
MISC: https://jira.mongodb.org/browse/PYTHON-532
DEBIAN: DSA-2705, http://www.debian.org/security/2013/dsa-2705
SUSE: openSUSE-SU-2013:1064, http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html
UBUNTU: USN-1897-1, http://ubuntu.com/usn/usn-1897-1
BID: 60252, http://www.securityfocus.com/bid/60252
OSVDB: 93804, http://www.osvdb.org/93804

Resources


Severity Details

CVSS Base Score: MEDIUM 4.3

CVSS v2 Details (MEDIUM 4.3)

Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (Au): NONE
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): PARTIAL