{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-11-27T00:00:00", "descriptions": [{"lang": "en", "value": "The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-04-30T12:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20140107 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/01/07/13"}, {"name": "[oss-security] 20140107 MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/01/07/2"}, {"name": "RHSA-2014:0230", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0230.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://jira.mongodb.org/browse/SERVER-7769"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.ptsecurity.com/2012/11/attacking-mongodb.html"}, {"name": "RHSA-2014:0440", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0440.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049748"}, {"name": "[oss-security] 20140108 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/01/08/9"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6619", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20140107 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/01/07/13"}, {"name": "[oss-security] 20140107 MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/01/07/2"}, {"name": "RHSA-2014:0230", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0230.html"}, {"name": "https://jira.mongodb.org/browse/SERVER-7769", "refsource": "CONFIRM", "url": "https://jira.mongodb.org/browse/SERVER-7769"}, {"name": "http://blog.ptsecurity.com/2012/11/attacking-mongodb.html", "refsource": "MISC", "url": "http://blog.ptsecurity.com/2012/11/attacking-mongodb.html"}, {"name": "RHSA-2014:0440", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0440.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1049748", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049748"}, {"name": "[oss-security] 20140108 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/01/08/9"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:36:01.807Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20140107 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/01/07/13"}, {"name": "[oss-security] 20140107 MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/01/07/2"}, {"name": "RHSA-2014:0230", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0230.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jira.mongodb.org/browse/SERVER-7769"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.ptsecurity.com/2012/11/attacking-mongodb.html"}, {"name": "RHSA-2014:0440", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0440.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049748"}, {"name": "[oss-security] 20140108 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/01/08/9"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6619", "datePublished": "2014-03-06T15:00:00", "dateReserved": "2014-01-07T00:00:00", "dateUpdated": "2024-08-06T21:36:01.807Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "matchCriteriaId": "94A44EAA-983E-4625-A35D-EE2FE116B3B5", "versionEndIncluding": "2.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FBA2303-8E19-415F-BD7C-B348DE0EC478", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "92948672-3F39-4675-BFB1-4ACACD078CC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7590AB3-4433-4589-9575-647015A5DA24", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC4562CE-83D2-422C-AB94-CB0EFABC2CF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1B3AD0E-11F2-477E-9D18-B6A609A4C652", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA0BC4E1-4BF4-4486-829C-25AA0D01B8D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C36D5752-589C-4323-8515-073DDF89DB9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F63D8331-B0E9-4571-A74C-C13D3D4A13C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "AB8EA4FF-62DB-40DA-833E-E43F64C79EC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "253B057C-981D-4A8C-B81E-96ACD8C5AF86", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "3291EEA9-7A79-417D-98FD-1350B4A456D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9FE04CE4-8D9F-4C56-802A-2F67DF884CDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "02C47DC1-A725-460C-9EBB-5DAA616DF374", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E0F23FE-3AAF-4E29-AF89-C6365E839119", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "37D967E7-87F2-450C-A593-0FEE0F2A9A94", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C6CD236-537A-4144-ACDF-5242D11AE34A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "BE7C828E-47B2-46AB-90F1-FD9682188E45", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "F2EDBDF4-2F0A-409A-A881-E94AC0A77A85", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "185A7242-0393-4DE1-B781-7D3FA68750A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "98387C88-695E-4948-9FB4-E3D5234647E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7B093A56-8E36-47C7-BE3C-F72FAC5CEC14", "vulnerable": true}, {"criteria": "cpe:2.3:a:mongodb:mongodb:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0A29408-7294-4A11-A77D-9CFCF9FD54AB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto para MongoDB anterior a 2.3.2 no valida objetos, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda) o leer la memoria del sistema a trav\u00e9s de un objeto BSON manipulado en el nombre de columna en un comando \"insert\", lo que provoca una sobrelectura de buffer."}], "id": "CVE-2012-6619", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-03-06T15:55:28.737", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://blog.ptsecurity.com/2012/11/attacking-mongodb.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2014-0230.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2014-0440.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/01/07/13"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/01/07/2"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/01/08/9"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049748"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://jira.mongodb.org/browse/SERVER-7769"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://blog.ptsecurity.com/2012/11/attacking-mongodb.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0230.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0440.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/01/07/13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/01/07/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/01/08/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049748"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://jira.mongodb.org/browse/SERVER-7769"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:0230", "cpe": "cpe:/a:redhat:openstack:4::el6", "package": "mongodb-0:2.2.4-4.el6ost", "product_name": "OpenStack 4 for RHEL 6", "release_date": "2014-03-04T00:00:00Z"}, {"advisory": "RHSA-2014:0440", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "condor-0:7.8.10-0.1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2014-04-28T00:00:00Z"}, {"advisory": "RHSA-2014:0440", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "cumin-0:0.1.5797-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2014-04-28T00:00:00Z"}, {"advisory": "RHSA-2014:0440", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "mongodb-0:1.6.4-7.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2014-04-28T00:00:00Z"}, {"advisory": "RHSA-2014:0440", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "mrg-release-0:2.5.0-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2014-04-28T00:00:00Z"}, {"advisory": "RHEA-2014:1175", "cpe": "cpe:/a:redhat:satellite:6.0::el6", "package": "mongodb-0:2.4.6-2.el6sat", "product_name": "Red Hat Satellite 6.0", "release_date": "2014-09-10T00:00:00Z"}, {"advisory": "RHEA-2014:1175", "cpe": "cpe:/a:redhat:satellite_capsule:6.0::el6", "package": "mongodb-0:2.4.6-2.el6sat", "product_name": "Red Hat Satellite 6.0", "release_date": "2014-09-10T00:00:00Z"}], "bugzilla": {"description": "mongodb: memory over-read via incorrect BSON object length", "id": "1049748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049748"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "status": "verified"}, "cwe": "CWE-125->CWE-200", "details": ["The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read."], "name": "CVE-2012-6619", "package_state": [{"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Will not fix", "package_name": "mongodb", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Not affected", "package_name": "mongodb", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openstack:3", "fix_state": "Affected", "package_name": "mongodb", "product_name": "Red Hat OpenStack Platform 3"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Not affected", "package_name": "mongodb24-mongodb", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Affected", "package_name": "mongodb", "product_name": "Red Hat Subscription Asset Manager"}, {"cpe": "cpe:/a:redhat:rhui:2", "fix_state": "Will not fix", "package_name": "mongodb", "product_name": "RHUI for RHEL 6"}], "public_date": "2012-11-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-6619\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-6619"], "threat_severity": "Moderate"}