{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an \"invalid DBRef.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2013-08-15T17:00:00Z"}, "references": [{"name": "openSUSE-SU-2013:1064", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html"}, {"name": "USN-1897-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-1897-1"}, {"name": "93804", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/93804"}, {"tags": ["x_refsource_MISC"], "url": "https://jira.mongodb.org/browse/PYTHON-532"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2"}, {"name": "[oss-security] 20130531 Re: CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2013/q2/447"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597"}, {"name": "DSA-2705", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2705"}, {"name": "60252", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/60252"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:27:40.620Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2013:1064", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html"}, {"name": "USN-1897-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://ubuntu.com/usn/usn-1897-1"}, {"name": "93804", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/93804"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.mongodb.org/browse/PYTHON-532"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2"}, {"name": "[oss-security] 20130531 Re: CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2013/q2/447"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597"}, {"name": "DSA-2705", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2705"}, {"name": "60252", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/60252"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2132", "state": "PUBLISHED", "dateReserved": "2013-02-19T00:00:00Z", "datePublished": "2013-08-15T17:00:00Z", "dateUpdated": "2024-08-06T15:27:40.620Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7FEFBDC-9423-4194-B7F1-B928F80FA004", "versionEndIncluding": "2.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FBA2303-8E19-415F-BD7C-B348DE0EC478", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "92948672-3F39-4675-BFB1-4ACACD078CC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7590AB3-4433-4589-9575-647015A5DA24", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC4562CE-83D2-422C-AB94-CB0EFABC2CF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1B3AD0E-11F2-477E-9D18-B6A609A4C652", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E0F23FE-3AAF-4E29-AF89-C6365E839119", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB2A001B-D790-4DEA-9420-6BD18F1D0BFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD7C03C0-5B7B-4808-8F50-1D5517CEF61F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "C37483C2-DA83-4BE4-9960-5A691661670B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "039B2CC3-CB74-4ADE-BEEF-65A5A0C4F6E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "86DB7435-C47E-426E-B3A6-216089F4CCAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "F3E07CB0-95EC-4024-B059-4E2180F025A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D142852D-DF64-4AE5-97A4-FAA0EF3A8AB8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an \"invalid DBRef.\""}, {"lang": "es", "value": "bson/_cbsonmodule.c en el mongo-python-driver (tambi\u00e9n conocido como pymongo) anterior a v2.5.2, como es usado en MongoDB, permite a atacantes dependientes del contexto causar una denegaci\u00f3n de servicio (referencia NULL y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de vectores relacionados con la decodificaci\u00f3n de un \"invalid DBRef\"."}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\n\n'CWE-476: NULL Pointer Dereference'", "id": "CVE-2013-2132", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-08-15T17:55:24.500", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q2/447"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://ubuntu.com/usn/usn-1897-1"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2705"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/93804"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/60252"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2"}, {"source": "secalert@redhat.com", "url": "https://jira.mongodb.org/browse/PYTHON-532"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q2/447"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://ubuntu.com/usn/usn-1897-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2705"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/93804"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/60252"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jira.mongodb.org/browse/PYTHON-532"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:1170", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "mongodb-0:1.6.4-6.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2013-08-21T00:00:00Z"}, {"advisory": "RHSA-2013:1170", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "pymongo-0:1.9-11.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2013-08-21T00:00:00Z"}], "bugzilla": {"description": "pymongo: null pointer when decoding invalid DBRef", "id": "969560", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=969560"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-476", "details": ["bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an \"invalid DBRef.\""], "name": "CVE-2013-2132", "package_state": [{"cpe": "cpe:/a:cloudforms_tools:1", "fix_state": "Will not fix", "package_name": "pymongo", "product_name": "Red Hat CloudForms Tools 1"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "pymongo", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhui:2", "fix_state": "Will not fix", "package_name": "pymongo", "product_name": "RHUI for RHEL 6"}], "public_date": "2013-05-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2132\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2132"], "statement": "Red Hat Update Infrastructure 2.1.3 is now in Production 2 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Update Infrastructure Life Cycle: https://access.redhat.com/support/policy/updates/rhui.", "threat_severity": "Moderate"}