First published: Sat Jun 01 2013(Updated: )
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
MongoDB MongoDB | <=2.5.1 | |
MongoDB MongoDB | =1.2.0 | |
MongoDB MongoDB | =1.4.0 | |
MongoDB MongoDB | =1.6.0 | |
MongoDB MongoDB | =1.8.0 | |
MongoDB MongoDB | =2.0.0 | |
MongoDB MongoDB | =2.2.0 | |
MongoDB MongoDB | =2.4.0 | |
MongoDB MongoDB | =2.4.1 | |
MongoDB MongoDB | =2.4.2 | |
MongoDB MongoDB | =2.4.3 | |
MongoDB MongoDB | =2.4.4 | |
MongoDB MongoDB | =2.4.5 | |
MongoDB MongoDB | =2.5.0 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =12.10 | |
Canonical Ubuntu Linux | =13.04 | |
openSUSE openSUSE | =12.3 | |
pip/pymongo | <2.5.2 | 2.5.2 |
debian/2.2-4 | ||
debian/2.5-1 | ||
debian/pymongo | 3.11.0-1 3.11.0-1+deb11u1 3.11.0-1+deb12u1 4.10.1-2 |
https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.