CVE-2012-6619

Published Mar 6, 2014

Last updated 3 months ago

CVSS info 6.4

Overview

Description: The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94A44EAA-983E-4625-A35D-EE2FE116B3B5",
            "versionEndIncluding": "2.3.1"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FBA2303-8E19-415F-BD7C-B348DE0EC478"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92948672-3F39-4675-BFB1-4ACACD078CC6"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7590AB3-4433-4589-9575-647015A5DA24"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC4562CE-83D2-422C-AB94-CB0EFABC2CF8"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1B3AD0E-11F2-477E-9D18-B6A609A4C652"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA0BC4E1-4BF4-4486-829C-25AA0D01B8D0"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C36D5752-589C-4323-8515-073DDF89DB9B"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F63D8331-B0E9-4571-A74C-C13D3D4A13C5"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB8EA4FF-62DB-40DA-833E-E43F64C79EC2"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "253B057C-981D-4A8C-B81E-96ACD8C5AF86"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3291EEA9-7A79-417D-98FD-1350B4A456D2"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FE04CE4-8D9F-4C56-802A-2F67DF884CDC"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02C47DC1-A725-460C-9EBB-5DAA616DF374"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E0F23FE-3AAF-4E29-AF89-C6365E839119"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37D967E7-87F2-450C-A593-0FEE0F2A9A94"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C6CD236-537A-4144-ACDF-5242D11AE34A"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE7C828E-47B2-46AB-90F1-FD9682188E45"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2EDBDF4-2F0A-409A-A881-E94AC0A77A85"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "185A7242-0393-4DE1-B781-7D3FA68750A4"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98387C88-695E-4948-9FB4-E3D5234647E4"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B093A56-8E36-47C7-BE3C-F72FAC5CEC14"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0A29408-7294-4A11-A77D-9CFCF9FD54AB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References