{"id":"PYSEC-2013-30","details":"bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an \"invalid DBRef.\"","aliases":["CVE-2013-2132","GHSA-x33v-f3gp-gw2c"],"modified":"2023-11-01T05:28:14.949173Z","published":"2013-08-15T17:55:00Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/60252"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html"},{"type":"WEB","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597"},{"type":"WEB","url":"http://www.osvdb.org/93804"},{"type":"FIX","url":"https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2"},{"type":"WEB","url":"http://ubuntu.com/usn/usn-1897-1"},{"type":"ADVISORY","url":"http://www.debian.org/security/2013/dsa-2705"},{"type":"WEB","url":"http://seclists.org/oss-sec/2013/q2/447"},{"type":"WEB","url":"https://jira.mongodb.org/browse/PYTHON-532"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-x33v-f3gp-gw2c"}],"affected":[{"package":{"name":"pymongo","ecosystem":"PyPI","purl":"pkg:pypi/pymongo"},"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo-python-driver","events":[{"introduced":"0"},{"fixed":"a060c15ef87e0f0e72974c7c0e57fe811bbd06a2"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.2"}]}],"versions":["0.1.1pre","0.1.2pre","0.10","0.10.1","0.10.2","0.10.3","0.11","0.11.1","0.11.2","0.11.3","0.12","0.13","0.14","0.14.1","0.14.2","0.15","0.15.1","0.15.2","0.16","0.1pre","0.2pre","0.3.1pre","0.3pre","0.4pre","0.5.1pre","0.5.2pre","0.5.3pre","0.5pre","0.6","0.7","0.7.1","0.7.2","0.8","0.8.1","0.9","0.9.1","0.9.2","0.9.3","0.9.4","0.9.5","0.9.6","0.9.7","1.0","1.1","1.1.1","1.1.2","1.10","1.10.1","1.11","1.2","1.2.1","1.3","1.4","1.5","1.5.1","1.5.2","1.6","1.7","1.8","1.8.1","1.9","2.0","2.0.1","2.1","2.1.1","2.2","2.2.1","2.3","2.4","2.4.1","2.4.2","2.5","2.5.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pymongo/PYSEC-2013-30.yaml"}}],"schema_version":"1.7.3"}