{"api_version":"1","generated_at":"2026-07-07T08:54:07+00:00","cve":"CVE-2012-6619","urls":{"html":"https://cve.report/CVE-2012-6619","api":"https://cve.report/api/cve/CVE-2012-6619.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-6619","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-6619"},"summary":{"title":"CVE-2012-6619","description":"The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.","state":"PUBLISHED","assigner":"mitre","published_at":"2014-03-06 15:55:28","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-20","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.4","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1049748","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1049748","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Bug 1049748 – CVE-2012-6619 mongodb: memory over-read via incorrect BSON object length","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://blog.ptsecurity.com/2012/11/attacking-mongodb.html","name":"http://blog.ptsecurity.com/2012/11/attacking-mongodb.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Positive Research Center: Attacking MongoDB","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2014/01/08/9","name":"http://www.openwall.com/lists/oss-security/2014/01/08/9","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"oss-security - Re: MongoDB memory over-read via incorrect BSON object length (was:\n [HITB-Announce] HITB Magazine Issue 10 Out Now)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://jira.mongodb.org/browse/SERVER-7769","name":"https://jira.mongodb.org/browse/SERVER-7769","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"],"title":"[SERVER-7769] use --objcheck by default, Server arbitrary memory reading - MongoDB","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-0440.html","name":"http://rhn.redhat.com/errata/RHSA-2014-0440.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2014/01/07/2","name":"http://www.openwall.com/lists/oss-security/2014/01/07/2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"oss-security - MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-0230.html","name":"http://rhn.redhat.com/errata/RHSA-2014-0230.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2014/01/07/13","name":"http://www.openwall.com/lists/oss-security/2014/01/07/13","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"oss-security - Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-6619","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6619","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"1.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"1.4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"1.6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"1.8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.0.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.0.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.2.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.2.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.2.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"2.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"6619","vulnerable":"1","versionEndIncluding":"2.3.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mongodb","cpe5":"mongodb","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T21:36:01.807Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"[oss-security] 20140107 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2014/01/07/13"},{"name":"[oss-security] 20140107 MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2014/01/07/2"},{"name":"RHSA-2014:0230","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2014-0230.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://jira.mongodb.org/browse/SERVER-7769"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://blog.ptsecurity.com/2012/11/attacking-mongodb.html"},{"name":"RHSA-2014:0440","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2014-0440.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1049748"},{"name":"[oss-security] 20140108 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2014/01/08/9"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2012-11-27T00:00:00.000Z","descriptions":[{"lang":"en","value":"The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2014-04-30T12:57:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"[oss-security] 20140107 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2014/01/07/13"},{"name":"[oss-security] 20140107 MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2014/01/07/2"},{"name":"RHSA-2014:0230","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2014-0230.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://jira.mongodb.org/browse/SERVER-7769"},{"tags":["x_refsource_MISC"],"url":"http://blog.ptsecurity.com/2012/11/attacking-mongodb.html"},{"name":"RHSA-2014:0440","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2014-0440.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1049748"},{"name":"[oss-security] 20140108 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2014/01/08/9"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2012-6619","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"[oss-security] 20140107 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2014/01/07/13"},{"name":"[oss-security] 20140107 MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2014/01/07/2"},{"name":"RHSA-2014:0230","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2014-0230.html"},{"name":"https://jira.mongodb.org/browse/SERVER-7769","refsource":"CONFIRM","url":"https://jira.mongodb.org/browse/SERVER-7769"},{"name":"http://blog.ptsecurity.com/2012/11/attacking-mongodb.html","refsource":"MISC","url":"http://blog.ptsecurity.com/2012/11/attacking-mongodb.html"},{"name":"RHSA-2014:0440","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2014-0440.html"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1049748","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1049748"},{"name":"[oss-security] 20140108 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2014/01/08/9"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2012-6619","datePublished":"2014-03-06T15:00:00.000Z","dateReserved":"2014-01-07T00:00:00.000Z","dateUpdated":"2024-08-06T21:36:01.807Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2014-03-06 15:55:28","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-20","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3.1","matchCriteriaId":"94A44EAA-983E-4625-A35D-EE2FE116B3B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*","matchCriteriaId":"2FBA2303-8E19-415F-BD7C-B348DE0EC478"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"92948672-3F39-4675-BFB1-4ACACD078CC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*","matchCriteriaId":"A7590AB3-4433-4589-9575-647015A5DA24"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*","matchCriteriaId":"EC4562CE-83D2-422C-AB94-CB0EFABC2CF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F1B3AD0E-11F2-477E-9D18-B6A609A4C652"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EA0BC4E1-4BF4-4486-829C-25AA0D01B8D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"C36D5752-589C-4323-8515-073DDF89DB9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F63D8331-B0E9-4571-A74C-C13D3D4A13C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"AB8EA4FF-62DB-40DA-833E-E43F64C79EC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.0.5:*:*:*:*:*:*:*","matchCriteriaId":"253B057C-981D-4A8C-B81E-96ACD8C5AF86"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.0.6:*:*:*:*:*:*:*","matchCriteriaId":"3291EEA9-7A79-417D-98FD-1350B4A456D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.0.7:*:*:*:*:*:*:*","matchCriteriaId":"9FE04CE4-8D9F-4C56-802A-2F67DF884CDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.0.8:*:*:*:*:*:*:*","matchCriteriaId":"02C47DC1-A725-460C-9EBB-5DAA616DF374"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"2E0F23FE-3AAF-4E29-AF89-C6365E839119"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"37D967E7-87F2-450C-A593-0FEE0F2A9A94"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.2.2:*:*:*:*:*:*:*","matchCriteriaId":"4C6CD236-537A-4144-ACDF-5242D11AE34A"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.2.3:*:*:*:*:*:*:*","matchCriteriaId":"BE7C828E-47B2-46AB-90F1-FD9682188E45"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F2EDBDF4-2F0A-409A-A881-E94AC0A77A85"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.2.5:*:*:*:*:*:*:*","matchCriteriaId":"185A7242-0393-4DE1-B781-7D3FA68750A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.2.6:*:*:*:*:*:*:*","matchCriteriaId":"98387C88-695E-4948-9FB4-E3D5234647E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.2.7:*:*:*:*:*:*:*","matchCriteriaId":"7B093A56-8E36-47C7-BE3C-F72FAC5CEC14"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:2.3.0:*:*:*:*:*:*:*","matchCriteriaId":"D0A29408-7294-4A11-A77D-9CFCF9FD54AB"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"6619","Ordinal":"1","Title":"CVE-2012-6619","CVE":"CVE-2012-6619","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"6619","Ordinal":"1","NoteData":"The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.","Type":"Description","Title":"CVE-2012-6619"},{"CveYear":"2012","CveId":"6619","Ordinal":"2","NoteData":"2014-03-06","Type":"Other","Title":"Published"},{"CveYear":"2012","CveId":"6619","Ordinal":"3","NoteData":"2014-04-30","Type":"Other","Title":"Modified"}]}}}