CVE-2013-3969
MongoDB 2.4.0-2.4.4 - Authenticated Denial of Service via Invalid RefDB Object
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-3969. PoCs published by SCRT Security.
AI-analyzed exploit summary This exploit leverages a memory corruption vulnerability in MongoDB by inserting a large number of malformed chunks into a collection, followed by a crafted `db.eval` call to trigger remote code execution. The exploit targets MongoDB 2.4.4 and potentially other versions.
Description
The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.
Exploits (1)
This exploit leverages a memory corruption vulnerability in MongoDB by inserting a large number of malformed chunks into a collection, followed by a crafted `db.eval` call to trigger remote code execution. The exploit targets MongoDB 2.4.4 and potentially other versions.