
CVE-2012-6619

Published: 23 Nov 2012
Source: redhat
CVSS2: 5.8
EPSS: Low

Description

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| OpenShift Enterprise 1 | mongodb | Will not fix | | |
| Red Hat OpenShift Enterprise 2 | mongodb | Not affected | | |
| Red Hat OpenStack Platform 3 | mongodb | Affected | | |
| Red Hat Software Collections | mongodb24-mongodb | Not affected | | |
| Red Hat Subscription Asset Manager | mongodb | Affected | | |
| RHUI for RHEL 6 | mongodb | Will not fix | | |
| OpenStack 4 for RHEL 6 | mongodb | Fixed | RHSA-2014:0230 | 04.03.2014 |
| Red Hat Enterprise MRG 2 | condor | Fixed | RHSA-2014:0440 | 28.04.2014 |
| Red Hat Enterprise MRG 2 | cumin | Fixed | RHSA-2014:0440 | 28.04.2014 |
| Red Hat Enterprise MRG 2 | mongodb | Fixed | RHSA-2014:0440 | 28.04.2014 |


Additional information

Status: Moderate
Defect: CWE-125->CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1049748
mongodb: memory over-read via incorrect BSON object length

EPSS

Percentile: 79%
0.01265
Low

5.8 Medium

CVSS2

Related vulnerabilities

ubuntu
almost 12 years ago

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.

nvd
almost 12 years ago

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.

debian
almost 12 years ago

The default configuration for MongoDB before 2.3.2 does not validate o ...

github
more than 3 years ago

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.
