CVE-2013-2132

Published: 3 June 2013

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

Priority

Status

Package	Release	Status
pymongo Launchpad, Ubuntu, Debian	upstream	Released (2.5.2-1)
	lucid	Does not exist
	precise	Released (2.1-1ubuntu0.1)
	quantal	Released (2.2-2ubuntu0.1)
	raring	Released (2.2-4ubuntu0.1)
	Patches: upstream: https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2132
https://ubuntu.com/security/notices/USN-1897-1
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597
https://jira.mongodb.org/browse/PYTHON-532

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›