CVE-2013-1892
Published Oct 1, 2013
Last updated 2 years ago
Overview
- Description
- MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9828C4F0-141D-45AE-B6A4-1F841BF8389C",
"versionEndIncluding": "2.0.8"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2FBA2303-8E19-415F-BD7C-B348DE0EC478"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92948672-3F39-4675-BFB1-4ACACD078CC6"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7590AB3-4433-4589-9575-647015A5DA24"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC4562CE-83D2-422C-AB94-CB0EFABC2CF8"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1B3AD0E-11F2-477E-9D18-B6A609A4C652"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA0BC4E1-4BF4-4486-829C-25AA0D01B8D0"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C36D5752-589C-4323-8515-073DDF89DB9B"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F63D8331-B0E9-4571-A74C-C13D3D4A13C5"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB8EA4FF-62DB-40DA-833E-E43F64C79EC2"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "253B057C-981D-4A8C-B81E-96ACD8C5AF86"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3291EEA9-7A79-417D-98FD-1350B4A456D2"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FE04CE4-8D9F-4C56-802A-2F67DF884CDC"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E0F23FE-3AAF-4E29-AF89-C6365E839119"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37D967E7-87F2-450C-A593-0FEE0F2A9A94"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C6CD236-537A-4144-ACDF-5242D11AE34A"
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE7C828E-47B2-46AB-90F1-FD9682188E45"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15856E6B-7BF3-4377-8708-574F3F7334D2"
}
],
"operator": "OR"
}
]
}
]