PT-2014-2388 · MongoDB · MongoDB

Author: Ratul Gupta · Published 2014-02-17 · Updated 2014-05-07

CVE-2012-6619

CVSS v2.0: 6.4 (Medium), Vector AV:N/AC:L/Au:N/C:P/I:N/A:P
Vulnerable software and affected versions: MongoDB versions prior to 2.3.2

Description: The issue lies in the default configuration of MongoDB, in which incoming BSON objects are not validated. A remote authenticated user can send a crafted BSON object as the column name of an insert command; because the object's length fields are trusted without being checked against the buffer, parsing it triggers a buffer over-read, which can crash the server (denial of service) or return system memory to the client.

Recommendations: For versions prior to 2.3.2, update to version 2.3.2 or later, which resolves the issue. As a temporary workaround, validate BSON objects before processing them so that malformed input is rejected rather than parsed. Restrict which users may run the insert command to reduce the risk of denial of service or memory disclosure.
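As an added example (not code from this advisory or from MongoDB), the following Python validator does the kind of check the workaround above calls for: it walks a BSON document and rejects it as soon as a declared length, an element key or a string would carry a parser past the end of the buffer, which is how a crafted key in an insert causes the over-read. It assumes a hypothetical minimal type set (double, int32, int64, string, embedded document/array); any other element type is rejected.

```python
import struct

class BsonError(ValueError):
    pass

def validate_bson(buf, start=0, limit=None):
    """Walk one BSON document at buf[start:] and return its declared length,
    checking every length field against the buffer before trusting it."""
    limit = len(buf) if limit is None else limit
    if limit - start < 5:
        raise BsonError("document shorter than the 5-byte minimum")
    (doc_len,) = struct.unpack_from("<i", buf, start)
    if doc_len < 5 or start + doc_len > limit:
        raise BsonError("declared length %d does not fit the buffer" % doc_len)
    end = start + doc_len
    if buf[end - 1] != 0:
        raise BsonError("missing 0x00 document terminator")
    pos = start + 4
    while pos < end - 1:
        etype = buf[pos]
        pos += 1
        key_end = buf.find(b"\x00", pos, end - 1)   # key cstring must end before terminator
        if key_end < 0:
            raise BsonError("unterminated element key at offset %d" % pos)
        pos = key_end + 1
        if etype in (0x01, 0x12):          # double, int64
            pos += 8
        elif etype == 0x10:                # int32
            pos += 4
        elif etype == 0x02:                # string: int32 len, bytes, NUL
            if end - 1 - pos < 4:
                raise BsonError("truncated string header")
            (slen,) = struct.unpack_from("<i", buf, pos)
            if slen < 1 or pos + 4 + slen > end - 1 or buf[pos + 3 + slen] != 0:
                raise BsonError("string length %d escapes the document" % slen)
            pos += 4 + slen
        elif etype in (0x03, 0x04):        # embedded document / array: recurse
            pos += validate_bson(buf, pos, end - 1)
        else:
            raise BsonError("unsupported element type 0x%02x" % etype)
        if pos > end - 1:
            raise BsonError("element runs past the document terminator")
    return doc_len

def is_safe_bson(buf):
    """True only if the whole buffer is one BSON document this validator accepts."""
    try:
        return validate_bson(bytes(buf)) == len(buf)
    except BsonError:
        return False
```

With a constructed 12-byte document for {"a": 1} (hex 0c0000001061000100000000) is_safe_bson returns True; the same bytes with the key's NUL overwritten (0c0000001061626364656600), so that the key runs into the terminator and the int32 would be read off the end, return False.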

Tags: Exploit, Fix, DoS, RCE


Weakness Enumeration

Related Identifiers

CVE-2012-6619
MGASA-2014-0083
RHSA-2014:0230
RHSA-2014:0440

Affected Products

MongoDB