PT-2013-3553 · Mongodb · Mongo-Python-Driver+1

Jibbers Mcgee

Publicado

2013-07-06

Atualizado

2023-02-13

CVE-2013-2132

CVSS v4.0

6.9

Média

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions mongo-python-driver versions prior to 2.5.2

Description The issue allows context-dependent attackers to cause a denial of service, resulting in a NULL pointer dereference and crash. This is related to the decoding of an "invalid DBRef" in the bson/ cbsonmodule.c file.

Recommendations For versions prior to 2.5.2, update to version 2.5.2 or later to resolve the issue. As a temporary workaround, consider restricting the decoding of DBRef objects to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-395

Identificadores relacionados

CVE-2013-2132

DSA-2705-1

GHSA-X33V-F3GP-GW2C

MGASA-2013-0201

OPENSUSE-SU-2024:10226-1

OPENSUSE-SU-2024:11256-1

OPENSUSE-SU-2024:13931-1

PYSEC-2013-30

RHSA-2013:1170

Produtos afetados

Mongodb

Mongo-Python-Driver

PT-2013-3553 · Mongodb · Mongo-Python-Driver+1

CVE-2013-2132

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 27