What is the severity of CVE-2013-2132?

CVE-2013-2132 is classified as a denial of service vulnerability due to a NULL pointer dereference.

How do I fix CVE-2013-2132?

To fix CVE-2013-2132, update the pymongo package to version 2.5.2 or later.

What software is affected by CVE-2013-2132?

CVE-2013-2132 affects pymongo versions before 2.5.2 and several versions of MongoDB.

Can CVE-2013-2132 cause any data loss?

CVE-2013-2132 primarily leads to a denial of service but does not inherently cause data loss.

Is CVE-2013-2132 specific to certain operating systems?

CVE-2013-2132 is not specific to any operating system, as it affects the pymongo library used across various platforms.

Vulnerability/
CVE-2013-2132

medium

4.3

CWE

476 395

1/6/2013

15/8/2013

14/5/2022

15/10/2024

CVE-2013-2132: Null Pointer Dereference

First published: Sat Jun 01 2013(Updated: )

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
pip/pymongo	<2.5.2	2.5.2
debian/2.2-4
debian/2.5-1
debian/pymongo		3.11.0-1 3.11.0-1+deb11u1 3.11.0-1+deb12u1 4.10.1-2
MongoDB Server	<=2.5.1
MongoDB Server	=1.2.0
MongoDB Server	=1.4.0
MongoDB Server	=1.6.0
MongoDB Server	=1.8.0
MongoDB Server	=2.0.0
MongoDB Server	=2.2.0
MongoDB Server	=2.4.0
MongoDB Server	=2.4.1
MongoDB Server	=2.4.2
MongoDB Server	=2.4.3
MongoDB Server	=2.4.4
MongoDB Server	=2.4.5
MongoDB Server	=2.5.0
Ubuntu Linux	=12.04
Ubuntu Linux	=12.10
Ubuntu Linux	=13.04
openSUSE	=12.3

Remedy

https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-2132?
CVE-2013-2132 is classified as a denial of service vulnerability due to a NULL pointer dereference.
How do I fix CVE-2013-2132?
To fix CVE-2013-2132, update the pymongo package to version 2.5.2 or later.
What software is affected by CVE-2013-2132?
CVE-2013-2132 affects pymongo versions before 2.5.2 and several versions of MongoDB.
Can CVE-2013-2132 cause any data loss?
CVE-2013-2132 primarily leads to a denial of service but does not inherently cause data loss.
Is CVE-2013-2132 specific to certain operating systems?
CVE-2013-2132 is not specific to any operating system, as it affects the pymongo library used across various platforms.

agent/type
agent/remedy
agent/description
collector/mitre-cve
source/MITRE
collector/github-advisory-latest
source/GitHub
alias/GHSA-x33v-f3gp-gw2c
alias/CVE-2013-2132
agent/software-canonical-lookup
agent/weakness
agent/last-modified-date
collector/debian-bugs
source/Debian
agent/references
agent/author
agent/severity
agent/event
agent/first-publish-date
collector/security-tracker-debian
collector/github-advisory
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/pip
package-manager/debian
vendor/mongodb
canonical/mongodb server
version/mongodb server/2.5.1
version/mongodb server/1.2.0
version/mongodb server/1.4.0
version/mongodb server/1.6.0
version/mongodb server/1.8.0
version/mongodb server/2.0.0
version/mongodb server/2.2.0
version/mongodb server/2.4.0
version/mongodb server/2.4.1
version/mongodb server/2.4.2
version/mongodb server/2.4.3
version/mongodb server/2.4.4
version/mongodb server/2.4.5
version/mongodb server/2.5.0
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/12.04
version/ubuntu linux/12.10
version/ubuntu linux/13.04
vendor/opensuse
canonical/opensuse
version/opensuse/12.3