Vulnerability Name:

CVE-2013-2132 (CCN-84699)

Assigned:2013-05-31
Published:2013-05-31
Updated:2023-02-13
Summary:PyMongo is vulnerable to a denial of service, caused by a NULL pointer dereference error in the get_value() function within bson/_cbsonmodule.c when handling DBRefs. A remote attacker could exploit this vulnerability via a specially-crafted DBRef to cause the application to crash.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Consequences:Denial of Service
References:Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: MITRE
Type: CNA
CVE-2013-2132

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2013-1170
Important: mongodb and pymongo security and enhancement update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: SA53637
PyMongo "get_value()" NULL Pointer Dereference Vulnerability

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: DEBIAN
Type: DSA-2705
pymongo -- denial of service

Source: CCN
Type: BID-60252
MongoDB CVE-2013-2132 NULL Pointer Dereference Remote Denial of Service Vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 969560
CVE-2013-2132 pymongo: null pointer when decoding invalid DBRef

Source: XF
Type: UNKNOWN
pymongo-cve20132132-getvalue-dos(84699)

Source: secalert@redhat.com
Type: Exploit, Patch
secalert@redhat.com

Source: CCN
Type: PYTHON-532
User-triggerable NULL pointer dereference due to utter plebbery

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: PyMongo Web Site
PyMongo

Oval Definitions
Definition IDClassTitleLast Modified
oval:org.opensuse.security:def:20132132
V
CVE-2013-2132
2022-06-30
oval:org.opensuse.security:def:113285
P
python36-pymongo-3.11.4-1.2 on GA media (Moderate)
2022-01-17
oval:org.opensuse.security:def:113219
P
python-pymongo-3.1.1-1.5 on GA media (Moderate)
2022-01-17
oval:org.opensuse.security:def:106637
P
python-pymongo-3.1.1-1.5 on GA media (Moderate)
2021-10-01
oval:org.opensuse.security:def:106697
P
python36-pymongo-3.11.4-1.2 on GA media (Moderate)
2021-10-01
oval:org.opensuse.security:def:55251
P
Security update for python-urllib3 (Moderate)
2021-09-29
oval:org.opensuse.security:def:55934
P
Security update for libcares2 (Important)
2021-08-16
oval:org.opensuse.security:def:5089
P
Security update for php72 (Important)
2021-08-06
oval:org.opensuse.security:def:5076
P
Security update for MozillaFirefox (Important)
2021-07-16
oval:org.opensuse.security:def:5067
P
Security update for libnettle (Important)
2021-06-23
oval:org.opensuse.security:def:5749
P
Security update for wireshark (Important)
2021-06-22
oval:org.opensuse.security:def:5058
P
Security update for the Linux Kernel (Important)
2021-06-09
oval:org.opensuse.security:def:5727
P
Security update for qemu (Important)
2021-06-08
oval:org.opensuse.security:def:5025
P
Security update for curl (Moderate)
2021-04-28
oval:org.opensuse.security:def:11257
P
python-pymongo-2.6.3-2.20 on GA media (Moderate)
2020-12-03
oval:org.opensuse.security:def:4776
P
Security update for rmt-server (Important)
2020-12-02
oval:org.opensuse.security:def:4844
P
Security update for util-linux and shadow (Moderate)
2020-12-02
oval:org.opensuse.security:def:4768
P
Security update for ovmf (Moderate)
2020-12-02
oval:org.opensuse.security:def:4906
P
Security update for salt (Critical)
2020-12-02
oval:org.opensuse.security:def:5000
P
Security update for tomcat (Important)
2020-12-02
oval:org.opensuse.security:def:55768
P
Security update for python-setuptools (Important)
2020-12-02
oval:org.opensuse.security:def:4798
P
Security update for rsyslog (Moderate)
2020-12-02
oval:org.opensuse.security:def:4891
P
Security update for grub2 (Important)
2020-12-02
oval:org.opensuse.security:def:4925
P
Security update for mozilla-nspr, mozilla-nss (Important)
2020-12-02
oval:org.opensuse.security:def:55662
P
Security update for openldap2 (Important)
2020-12-01
oval:org.opensuse.security:def:56327
P
Security update for glibc (Important)
2020-12-01
oval:org.opensuse.security:def:55111
P
fuse on GA media (Moderate)
2020-12-01
oval:org.opensuse.security:def:56493
P
Security update for xen (Important)
2020-12-01
oval:org.opensuse.security:def:55489
P
Security update for pigz (Moderate)
2020-12-01
oval:org.opensuse.security:def:55088
P
cyrus-sasl on GA media (Moderate)
2020-12-01
oval:org.opensuse.security:def:56612
P
Security update for java-1_8_0-openjdk (Important)
2020-12-01
oval:org.opensuse.security:def:56219
P
Security update for guile (Low)
2020-12-01
oval:org.opensuse.security:def:55089
P
dbus-1 on GA media (Moderate)
2020-12-01
oval:org.opensuse.security:def:56419
P
Security update for ImageMagick (Moderate)
2020-12-01
oval:org.opensuse.security:def:56531
P
Security update for unixODBC (Moderate)
2020-12-01
oval:org.mitre.oval:def:21215
P
USN-1897-1 -- pymongo vulnerability
2014-06-30
oval:org.mitre.oval:def:18100
P
DSA-2705-1 pymongo - denial of service
2014-06-23
oval:com.ubuntu.precise:def:20132132000
V
CVE-2013-2132 on Ubuntu 12.04 LTS (precise) - medium.
2013-08-15
BACK