Lucene search

K

GoogleOSV:GHSA-X33V-F3GP-GW2C

HistoryMay 14, 2022 - 2:10 a.m.

Use of NullPointerException Catch to Detect NULL Pointer Dereference in Pymongo

2022-05-1402:10:10

Google

osv.dev

7

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

81.9%

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an “invalid DBRef.”

CPENameOperatorVersion
pymongoeq0.14.2
pymongoeq2.5
pymongoeq0.9.4
pymongoeq1.5.1
pymongoeq2.4.2
pymongoeq0.9.6
pymongoeq1.3
pymongoeq0.4pre
pymongoeq1.1.2
pymongoeq0.14

Rows per page:

1-10 of 731

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597

github.com/advisories/GHSA-x33v-f3gp-gw2c

github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2

github.com/pypa/advisory-database/tree/main/vulns/pymongo/PYSEC-2013-30.yaml

jira.mongodb.org/browse/PYTHON-532

lists.opensuse.org/opensuse-updates/2013-06/msg00180.html

nvd.nist.gov/vuln/detail/CVE-2013-2132

seclists.org/oss-sec/2013/q2/447

ubuntu.com/usn/usn-1897-1

www.debian.org/security/2013/dsa-2705

www.osvdb.org/93804

www.securityfocus.com/bid/60252

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

81.9%

Related for OSV:GHSA-X33V-F3GP-GW2C

securityvulns2 debian2 ubuntucve1 openvas5 ubuntu1 mageia1 github1 osv2 cve1 prion1 nessus4 seebug1 debiancve1 redhat1 kitploit1 n0where1