CVE-2013-1892 – MongoDB nativeHelper.apply Remote Code Execution

https://notcve.org/view.php?id=CVE-2013-1892

02 Apr 2013 — MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument. MongoDB anterior a v2.0.9 y v2.2.x anterior a v.2.4 no valida correctamente las peticiones de la función nativeHelper en SpiderMonkey, lo que permite a usuarios autenticados remotamente provocar una... • https://packetstorm.news/files/id/121045 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •