Moderate severityNVD Advisory· Published Aug 15, 2013· Updated Jun 16, 2026
CVE-2013-2132
CVE-2013-2132
Description
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pymongoPyPI | < 2.5.2 | 2.5.2 |
Affected products
19cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*range: <=2.5.1
- cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.5.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
17- github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2nvdExploitPatchWEB
- ubuntu.com/usn/usn-1897-1nvdVendor Advisory
- github.com/advisories/GHSA-x33v-f3gp-gw2cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-2132ghsaADVISORY
- bugs.debian.org/cgi-bin/bugreport.cgighsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/pymongo/PYSEC-2013-30.yamlghsaWEB
- jira.mongodb.org/browse/PYTHON-532nvdWEB
- lists.opensuse.org/opensuse-updates/2013-06/msg00180.htmlghsaWEB
- seclists.org/oss-sec/2013/q2/447ghsaWEB
- ubuntu.com/usn/usn-1897-1ghsaWEB
- www.debian.org/security/2013/dsa-2705ghsaWEB
- bugs.debian.org/cgi-bin/bugreport.cginvd
- lists.opensuse.org/opensuse-updates/2013-06/msg00180.htmlnvd
- seclists.org/oss-sec/2013/q2/447nvd
- www.debian.org/security/2013/dsa-2705nvd
- www.osvdb.org/93804nvd
- www.securityfocus.com/bid/60252nvd
News mentions
0No linked articles in our index yet.