VYPR
Moderate severityNVD Advisory· Published Aug 15, 2013· Updated Jun 16, 2026

CVE-2013-2132

CVE-2013-2132

Description

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pymongoPyPI
< 2.5.22.5.2

Affected products

19
  • MongoDB/MongoDB14 versions
    cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*+ 13 more
    • cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*range: <=2.5.1
    • cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mongodb:mongodb:2.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mongodb:mongodb:2.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mongodb:mongodb:2.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mongodb:mongodb:2.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mongodb:mongodb:2.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mongodb:mongodb:2.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mongodb:mongodb:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*+ 2 more
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 2.5.2

Patches

Vulnerability mechanics

References

17

News mentions

0

No linked articles in our index yet.