CVE-2013-1892

Published Oct 1, 2013

Last updated 2 years ago

CVSS info 6.0

Overview

Description: MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6
Impact score: 6.4
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9828C4F0-141D-45AE-B6A4-1F841BF8389C",
            "versionEndIncluding": "2.0.8"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FBA2303-8E19-415F-BD7C-B348DE0EC478"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92948672-3F39-4675-BFB1-4ACACD078CC6"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7590AB3-4433-4589-9575-647015A5DA24"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC4562CE-83D2-422C-AB94-CB0EFABC2CF8"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1B3AD0E-11F2-477E-9D18-B6A609A4C652"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA0BC4E1-4BF4-4486-829C-25AA0D01B8D0"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C36D5752-589C-4323-8515-073DDF89DB9B"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F63D8331-B0E9-4571-A74C-C13D3D4A13C5"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB8EA4FF-62DB-40DA-833E-E43F64C79EC2"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "253B057C-981D-4A8C-B81E-96ACD8C5AF86"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3291EEA9-7A79-417D-98FD-1350B4A456D2"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FE04CE4-8D9F-4C56-802A-2F67DF884CDC"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E0F23FE-3AAF-4E29-AF89-C6365E839119"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37D967E7-87F2-450C-A593-0FEE0F2A9A94"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C6CD236-537A-4144-ACDF-5242D11AE34A"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE7C828E-47B2-46AB-90F1-FD9682188E45"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15856E6B-7BF3-4377-8708-574F3F7334D2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References