CVE-2012-6619
Published Mar 6, 2014
Last updated 11 years ago
Overview
- Description
- The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:P
Weaknesses
- nvd@nist.gov
- CWE-20
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94A44EAA-983E-4625-A35D-EE2FE116B3B5",
"versionEndIncluding": "2.3.1"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2FBA2303-8E19-415F-BD7C-B348DE0EC478"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92948672-3F39-4675-BFB1-4ACACD078CC6"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7590AB3-4433-4589-9575-647015A5DA24"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC4562CE-83D2-422C-AB94-CB0EFABC2CF8"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1B3AD0E-11F2-477E-9D18-B6A609A4C652"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA0BC4E1-4BF4-4486-829C-25AA0D01B8D0"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C36D5752-589C-4323-8515-073DDF89DB9B"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F63D8331-B0E9-4571-A74C-C13D3D4A13C5"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB8EA4FF-62DB-40DA-833E-E43F64C79EC2"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "253B057C-981D-4A8C-B81E-96ACD8C5AF86"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3291EEA9-7A79-417D-98FD-1350B4A456D2"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FE04CE4-8D9F-4C56-802A-2F67DF884CDC"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02C47DC1-A725-460C-9EBB-5DAA616DF374"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E0F23FE-3AAF-4E29-AF89-C6365E839119"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37D967E7-87F2-450C-A593-0FEE0F2A9A94"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C6CD236-537A-4144-ACDF-5242D11AE34A"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE7C828E-47B2-46AB-90F1-FD9682188E45"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2EDBDF4-2F0A-409A-A881-E94AC0A77A85"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "185A7242-0393-4DE1-B781-7D3FA68750A4"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98387C88-695E-4948-9FB4-E3D5234647E4"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B093A56-8E36-47C7-BE3C-F72FAC5CEC14"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0A29408-7294-4A11-A77D-9CFCF9FD54AB"
}
],
"operator": "OR"
}
]
}
]