Unrated severityNVD Advisory· Published Mar 6, 2014· Updated May 6, 2026
CVE-2012-6619
CVE-2012-6619
Description
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.
Affected products
23cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*+ 22 more
- cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*range: <=2.3.1
- cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.3.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- blog.ptsecurity.com/2012/11/attacking-mongodb.htmlnvdExploit
- jira.mongodb.org/browse/SERVER-7769nvdExploitVendor Advisory
- rhn.redhat.com/errata/RHSA-2014-0230.htmlnvd
- rhn.redhat.com/errata/RHSA-2014-0440.htmlnvd
- www.openwall.com/lists/oss-security/2014/01/07/13nvd
- www.openwall.com/lists/oss-security/2014/01/07/2nvd
- www.openwall.com/lists/oss-security/2014/01/08/9nvd
- bugzilla.redhat.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.