GHSA-x33v-f3gp-gw2c

Source

https://github.com/advisories/GHSA-x33v-f3gp-gw2c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x33v-f3gp-gw2c/GHSA-x33v-f3gp-gw2c.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-x33v-f3gp-gw2c

Aliases

Published

2022-05-14T02:10:10Z

Modified

2024-10-16T02:48:07.426983Z

Severity

6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator

Summary

Use of NullPointerException Catch to Detect NULL Pointer Dereference in Pymongo

Details

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

Database specific

{
    "nvd_published_at": "2013-08-15T17:55:00Z",
    "cwe_ids": [
        "CWE-395"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-08T19:07:51Z"
}

References

Affected packages

PyPI / pymongo

Package

Name: pymongo; View open source insights on deps.dev
Purl: pkg:pypi/pymongo

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.2

Affected versions

0.*

0.1pre

0.1.1pre

0.1.2pre

0.2pre

0.3pre

0.3.1pre

0.4pre

0.5pre

0.5.1pre

0.5.2pre

0.5.3pre

0.6

0.7

0.7.1

0.7.2

0.8

0.8.1

0.9

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.10

0.10.1

0.10.2

0.10.3

0.11

0.11.1

0.11.2

0.11.3

0.12

0.13

0.14

0.14.1

0.14.2

0.15

0.15.1

0.15.2

0.16

1.*

1.0

1.1

1.1.1

1.1.2

1.2

1.2.1

1.3

1.4

1.5

1.5.1

1.5.2

1.6

1.7

1.8

1.8.1

1.9

1.10

1.10.1

1.11

2.*

2.0

2.0.1

2.1

2.1.1

2.2

2.2.1

2.3

2.4

2.4.1

2.4.2

2.5

2.5.1