Vulnerability Details : CVE-2013-2132
Potential exploit
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2013-2132
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.4.4:*:*:*:*:*:*:*
Threat overview for CVE-2013-2132
Top open port discovered on systems with this issue: 27017
IPs affected by CVE-2013-2132: 89
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2013-2132
2.23%: probability of exploitation activity in the next 30 days
~83%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-2132
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
References for CVE-2013-2132
- https://jira.mongodb.org/browse/PYTHON-532
  [PYTHON-532] User-triggerable NULL pointer dereference due to utter plebbery - MongoDB
- http://www.securityfocus.com/bid/60252
  MongoDB CVE-2013-2132 NULL Pointer Dereference Remote Denial of Service Vulnerability
- http://www.osvdb.org/93804
- http://seclists.org/oss-sec/2013/q2/447
  oss-sec: Re: CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery
- https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2
  Fix null pointer when decoding invalid DBRef PYTHON-532 · mongodb/mongo-python-driver@a060c15 · GitHub (Exploit; Patch)
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597
  #710597 - pymongo: CVE-2013-2132: null pointer when decoding invalid DBRef - Debian Bug report logs
- http://www.debian.org/security/2013/dsa-2705
  Debian -- Security Information -- DSA-2705-1 pymongo
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html
  openSUSE-SU-2013:1064-1: moderate: update for python-pymongo, python3-py
- http://ubuntu.com/usn/usn-1897-1
  USN-1897-1: PyMongo vulnerability | Ubuntu security notices (Vendor Advisory)