CVE-2013-2132 | Vulnerability Database | Aqua Security

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an invalid DBRef.

Affected Software

Name	Vendor	Start Version	End Version
Mongodb	Mongodb	*	2.5.1 (including)
Mongodb	Mongodb	1.2.0 (including)	1.2.0 (including)
Mongodb	Mongodb	1.4.0 (including)	1.4.0 (including)
Mongodb	Mongodb	1.6.0 (including)	1.6.0 (including)
Mongodb	Mongodb	1.8.0 (including)	1.8.0 (including)
Mongodb	Mongodb	2.0.0 (including)	2.0.0 (including)
Mongodb	Mongodb	2.2.0 (including)	2.2.0 (including)
Mongodb	Mongodb	2.4.0 (including)	2.4.0 (including)
Mongodb	Mongodb	2.4.1 (including)	2.4.1 (including)
Mongodb	Mongodb	2.4.2 (including)	2.4.2 (including)
Mongodb	Mongodb	2.4.3 (including)	2.4.3 (including)
Mongodb	Mongodb	2.4.4 (including)	2.4.4 (including)
Mongodb	Mongodb	2.4.5 (including)	2.4.5 (including)
Mongodb	Mongodb	2.5.0 (including)	2.5.0 (including)

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597
http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html
http://seclists.org/oss-sec/2013/q2/447
http://ubuntu.com/usn/usn-1897-1
http://www.debian.org/security/2013/dsa-2705
http://www.osvdb.org/93804
http://www.securityfocus.com/bid/60252
https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2
https://jira.mongodb.org/browse/PYTHON-532

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-2132
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html