QwikSec

Security Database

CVE

CWE

Training

CVE-2012-6619

Published: Mar 6, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20140107 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)

mailing-list

x_refsource_MLIST

[oss-security] 20140107 MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

https://jira.mongodb.org/browse/SERVER-7769

x_refsource_CONFIRM

http://blog.ptsecurity.com/2012/11/attacking-mongodb.html

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=1049748

x_refsource_CONFIRM

[oss-security] 20140108 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.