Upstream information

CVE-2013-2132 at MITRE


bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.30
Vector AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 822798 [CLOSED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • python-pymongo >= 2.4.1-2.4.1
  • python-pymongo-debuginfo >= 2.4.1-2.4.1
  • python-pymongo-debugsource >= 2.4.1-2.4.1
  • python3-pymongo >= 2.4.1-2.4.1
  • python3-pymongo-debuginfo >= 2.4.1-2.4.1
  • python3-pymongo-debugsource >= 2.4.1-2.4.1