CVE-2013-2132: Use of NullPointerException Catch to Detect NULL Pointer Dereference in Pymongo

Severity
4.3 MEDIUM (NVD)
EPSS
2.2%
top 15.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 15
Latest update: May 14

Description

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

Debian: debian/pymongo < pymongo 2.5.2-1 (bookworm)
NVD: mongodb/mongodb 2.5.1 +13

Also affects: Ubuntu Linux 12.04, 12.10, 13.04

🔴 Vulnerability Details (3)

OSV: Use of NullPointerException Catch to Detect NULL Pointer Dereference in Pymongo (2022-05-14)
GHSA: Use of NullPointerException Catch to Detect NULL Pointer Dereference in Pymongo (2022-05-14)
OSV: CVE-2013-2132: bson/_cbsonmodule (2013-08-15)

📋 Vendor Advisories (3)

Ubuntu: PyMongo vulnerability (2013-07-03)
Red Hat: pymongo: null pointer when decoding invalid DBRef (2013-05-31)
Debian: CVE-2013-2132: pymongo - bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as u... (2013)

📄 Research Papers (1)

arXiv: Toward Validation of Textual Information Retrieval Techniques for Software Weaknesses (2018-09-05)

💬 Community (3)

Bugzilla: CVE-2013-2132 pymongo: null pointer when decoding invalid DBRef [fedora-all] (2013-05-31)
Bugzilla: CVE-2013-2132 pymongo: null pointer when decoding invalid DBRef [epel-all] (2013-05-31)
Bugzilla: CVE-2013-2132 pymongo: null pointer when decoding invalid DBRef (2013-05-31)