Description
bson/_cbsonmodule.c in the mongo-python-driver (aka pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."
References (9)
Core References
Mailing List [vendor-advisory, x_refsource_suse]: http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html
Vendor Advisory [vendor-advisory, x_refsource_ubuntu]: http://ubuntu.com/usn/usn-1897-1
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_osvdb]: http://www.osvdb.org/93804
Various Sources [x_refsource_misc]: https://jira.mongodb.org/browse/PYTHON-532
Exploit, Patch [x_refsource_misc]: https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2
Mailing List [mailing-list, x_refsource_mlist]: http://seclists.org/oss-sec/2013/q2/447
Issue Tracking [x_refsource_misc]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597
Third Party Advisory [vendor-advisory, x_refsource_debian]: http://www.debian.org/security/2013/dsa-2705
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_bid]: http://www.securityfocus.com/bid/60252
Scores
EPSS: 0.0263
EPSS Percentile: 83.6%
Details
Status: published
Products (19)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.04
mongodb/mongodb 1.2.0
mongodb/mongodb 1.4.0
mongodb/mongodb 1.6.0
mongodb/mongodb 1.8.0
mongodb/mongodb 2.0.0
mongodb/mongodb 2.2.0
mongodb/mongodb 2.4.0
... and 9 more
Published: Aug 15, 2013
Tracked Since: Feb 18, 2026