cvelistv5 - cve-2025-0755

CVE-2025-0755 (GCVE-0-2025-0755)

Vulnerability from cvelistv5

Published

2025-03-18 09:01

Modified

2025-04-24 08:42

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-122 - Heap-based Buffer Overflow

Summary

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16

References

▼	URL	Tags
	cna@mongodb.com	https://jira.mongodb.org/browse/CDRIVER-5601
	cna@mongodb.com	https://jira.mongodb.org/browse/SERVER-94461

Impacted products

Vendor

Product

Version

▼

MongoDB Inc

libbson

Version: 0   < 1.27.5
    cpe:2.3:a:mongodb:libbson:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:0.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:0.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:0.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:0.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:0.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:0.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:0.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:0.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:0.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:0.98.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.1.0:-:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.1.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.2.0:-:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.2.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.2.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.3.0:-:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.3.0:beta0:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.3.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.4.0:-:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.4.0:beta0:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.4.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.5.0:-:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.5.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.5.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.5.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.5.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.5.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.5.0:rc6:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.6.0:-:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.6.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.7.0:-:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.7.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.7.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.7.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.8.0:-:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.8.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.8.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.9.0:-:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.9.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.9.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.15.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.15.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.15.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.15.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.16.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.17.0:beta:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.17.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.17.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.17.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.17.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.17.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.17.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.17.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.17.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.18.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.18.0:alpha2:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.18.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.19.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.19.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.19.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.20.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.20.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.21.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.21.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.21.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.22.0:beta0:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.22.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.22.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.22.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.23.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.23.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.23.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.23.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.23.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.23.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.24.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.24.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.24.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.24.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.25.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.25.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.25.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.25.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.26.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.26.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.26.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.27.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.27.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.27.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.27.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.27.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:libbson:1.27.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:*:*:*:*

MongoDB Inc

MongoDB Server

Version: 8.0 < 8.0.1
Version: 7.0 < 7.0.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0755",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-18T13:20:06.283556Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T13:20:24.560Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:libbson:0.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.6.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.8.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.8.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.8.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:0.98.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.1.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.2.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.2.0:beta1:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.2.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.0:beta0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.3.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.4.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.4.0:beta0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.4.0:beta1:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.0:rc1:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.0:rc2:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.0:rc3:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.0:rc4:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.0:rc6:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.5.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.6.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.6.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.7.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.7.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.7.0:rc1:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.7.0:rc2:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.8.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.8.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.8.0:rc1:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.8.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.8.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.9.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.9.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.9.0:rc1:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.9.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.9.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.9.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.9.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.9.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.10.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.10.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.10.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.10.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.11.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.12.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.13.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.13.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.14.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.14.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.15.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.15.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.15.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.15.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.16.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.16.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.16.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.0:beta:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.0:beta2:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.0:rc0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.17.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.18.0:alpha:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.18.0:alpha2:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.18.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.19.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.19.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.19.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.20.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.20.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.21.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.21.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.21.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.22.0:beta0:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.22.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.22.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.22.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.23.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.23.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.23.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.23.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.23.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.23.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.24.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.24.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.24.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.24.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.24.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.25.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.25.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.25.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.25.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.25.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.26.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.26.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.26.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.27.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.27.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.27.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.27.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.27.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:libbson:1.27.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "libbson",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "1.27.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "8.0.1",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.16",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "selmelc"
        }
      ],
      "datePublic": "2025-03-18T09:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe various \u003ctt\u003ebson_append\u003c/tt\u003e\u0026nbsp;functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16\u003c/p\u003e"
            }
          ],
          "value": "The various bson_append\u00a0functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-24T08:42:52.079Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-94461"
        },
        {
          "url": "https://jira.mongodb.org/browse/CDRIVER-5601"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "MongoDB C Driver bson library may be susceptible to buffer overflow",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2025-0755",
    "datePublished": "2025-03-18T09:01:04.793Z",
    "dateReserved": "2025-01-27T16:13:12.042Z",
    "dateUpdated": "2025-04-24T08:42:52.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-0755\",\"sourceIdentifier\":\"cna@mongodb.com\",\"published\":\"2025-03-18T09:15:11.487\",\"lastModified\":\"2025-04-24T09:15:29.790\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The various bson_append\u00a0functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16\"},{\"lang\":\"es\",\"value\":\"Las diversas funciones bson_append de la librer\u00eda del controlador C de MongoDB pueden ser susceptibles a desbordamientos de b\u00fafer al realizar operaciones que podr\u00edan generar un documento BSON final que supere el tama\u00f1o m\u00e1ximo permitido (INT32_MAX), lo que provocar\u00eda un fallo de segmentaci\u00f3n y un posible bloqueo de la aplicaci\u00f3n. Este problema afectaba a las versiones de libbson anteriores a la 1.27.5, a las versiones de MongoDB Server v8.0 anteriores a la 8.0.1 y a las versiones de MongoDB Server v7.0 anteriores a la 7.0.16.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@mongodb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"cna@mongodb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"references\":[{\"url\":\"https://jira.mongodb.org/browse/CDRIVER-5601\",\"source\":\"cna@mongodb.com\"},{\"url\":\"https://jira.mongodb.org/browse/SERVER-94461\",\"source\":\"cna@mongodb.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0755\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-18T13:20:06.283556Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-18T13:20:16.529Z\"}}], \"cna\": {\"title\": \"MongoDB C Driver bson library may be susceptible to buffer overflow\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"selmelc\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:mongodb:libbson:0.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.5.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.6.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.6.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.6.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.6.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.6.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.8.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.8.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.8.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:0.98.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.10:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.1.11:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.2.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.2.0:beta1:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.2.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.0:beta0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.3.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.4.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.4.0:beta0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.4.0:beta1:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.0:rc1:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.0:rc2:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.0:rc3:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.0:rc4:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.0:rc6:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.5.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.6.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.6.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.6.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.6.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.6.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.7.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.7.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.7.0:rc1:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.7.0:rc2:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.8.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.8.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.8.0:rc1:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.8.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.8.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.9.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.9.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.9.0:rc1:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.9.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.9.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.9.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.9.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.9.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.10.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.10.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.10.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.10.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.11.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.12.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.13.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.13.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.14.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.14.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.15.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.15.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.15.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.15.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.16.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.16.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.16.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.0:beta:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.0:beta2:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.0:rc0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.17.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.18.0:alpha:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.18.0:alpha2:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.18.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.19.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.19.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.19.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.20.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.20.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.21.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.21.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.21.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.22.0:beta0:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.22.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.22.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.22.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.23.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.23.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.23.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.23.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.23.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.23.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.24.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.24.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.24.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.24.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.24.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.25.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.25.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.25.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.25.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.25.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.26.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.26.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.26.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.27.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.27.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.27.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.27.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.27.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:libbson:1.27.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"MongoDB Inc\", \"product\": \"libbson\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.27.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"MongoDB Inc\", \"product\": \"MongoDB Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"8.0.1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"lessThan\": \"7.0.16\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-03-18T09:00:00.000Z\", \"references\": [{\"url\": \"https://jira.mongodb.org/browse/SERVER-94461\"}, {\"url\": \"https://jira.mongodb.org/browse/CDRIVER-5601\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The various bson_append\\u00a0functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe various \u003ctt\u003ebson_append\u003c/tt\u003e\u0026nbsp;functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122: Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"a39b4221-9bd0-4244-95fc-f3e2e07f1deb\", \"shortName\": \"mongodb\", \"dateUpdated\": \"2025-04-24T08:42:52.079Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-0755\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-24T08:42:52.079Z\", \"dateReserved\": \"2025-01-27T16:13:12.042Z\", \"assignerOrgId\": \"a39b4221-9bd0-4244-95fc-f3e2e07f1deb\", \"datePublished\": \"2025-03-18T09:01:04.793Z\", \"assignerShortName\": \"mongodb\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

wid-sec-w-2025-0587

Vulnerability from csaf_certbund

Published

2025-03-18 23:00

Modified

2025-07-29 22:00

Summary

MongoDB: Schwachstelle ermöglicht Codeausführung und DoS

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

MongoDB ist ein Open-Source-Dokumentendatenbank.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in MongoDB ausnutzen, um einen Denial of Service zu verursachen und potentiell beliebigen Code auszuführen.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "MongoDB ist ein Open-Source-Dokumentendatenbank.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in MongoDB ausnutzen, um einen Denial of Service zu verursachen und potentiell beliebigen Code auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0587 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0587.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0587 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0587"
      },
      {
        "category": "external",
        "summary": "MongoDB Advisory vom 2025-03-18",
        "url": "https://jira.mongodb.org/browse/SERVER-94461"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4160 vom 2025-05-09",
        "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4175 vom 2025-05-20",
        "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7613-1 vom 2025-07-03",
        "url": "https://ubuntu.com/security/notices/USN-7613-1"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7240941 vom 2025-07-29",
        "url": "https://www.ibm.com/support/pages/node/7240941"
      }
    ],
    "source_lang": "en-US",
    "title": "MongoDB: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung und DoS",
    "tracking": {
      "current_release_date": "2025-07-29T22:00:00.000+00:00",
      "generator": {
        "date": "2025-07-30T09:11:45.257+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-0587",
      "initial_release_date": "2025-03-18T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-03-18T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-05-11T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-05-20T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-07-02T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-07-29T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV12.1.2",
                "product": {
                  "name": "IBM DB2 \u003cV12.1.2",
                  "product_id": "T045715"
                }
              },
              {
                "category": "product_version",
                "name": "V12.1.2",
                "product": {
                  "name": "IBM DB2 V12.1.2",
                  "product_id": "T045715-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:v12.1.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DB2"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "libbson \u003c1.27.5",
                "product": {
                  "name": "Open Source MongoDB libbson \u003c1.27.5",
                  "product_id": "T041980"
                }
              },
              {
                "category": "product_version",
                "name": "libbson 1.27.5",
                "product": {
                  "name": "Open Source MongoDB libbson 1.27.5",
                  "product_id": "T041980-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mongodb:mongodb:libbson__1.27.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Server \u003c7.0.16",
                "product": {
                  "name": "Open Source MongoDB Server \u003c7.0.16",
                  "product_id": "T041997"
                }
              },
              {
                "category": "product_version",
                "name": "Server 7.0.16",
                "product": {
                  "name": "Open Source MongoDB Server 7.0.16",
                  "product_id": "T041997-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mongodb:mongodb:server__7.0.16"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Server \u003c8.0.1",
                "product": {
                  "name": "Open Source MongoDB Server \u003c8.0.1",
                  "product_id": "T041998"
                }
              },
              {
                "category": "product_version",
                "name": "Server 8.0.1",
                "product": {
                  "name": "Open Source MongoDB Server 8.0.1",
                  "product_id": "T041998-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mongodb:mongodb:server__8.0.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MongoDB"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-0755",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T045715",
          "T041998",
          "T041997",
          "T041980"
        ]
      },
      "release_date": "2025-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-0755"
    }
  ]
}

fkie_cve-2025-0755

Vulnerability from fkie_nvd

Published

2025-03-18 09:15

Modified

2025-04-24 09:15

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	cna@mongodb.com	https://jira.mongodb.org/browse/CDRIVER-5601
	cna@mongodb.com	https://jira.mongodb.org/browse/SERVER-94461

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The various bson_append\u00a0functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16"
    },
    {
      "lang": "es",
      "value": "Las diversas funciones bson_append de la librer\u00eda del controlador C de MongoDB pueden ser susceptibles a desbordamientos de b\u00fafer al realizar operaciones que podr\u00edan generar un documento BSON final que supere el tama\u00f1o m\u00e1ximo permitido (INT32_MAX), lo que provocar\u00eda un fallo de segmentaci\u00f3n y un posible bloqueo de la aplicaci\u00f3n. Este problema afectaba a las versiones de libbson anteriores a la 1.27.5, a las versiones de MongoDB Server v8.0 anteriores a la 8.0.1 y a las versiones de MongoDB Server v7.0 anteriores a la 7.0.16."
    }
  ],
  "id": "CVE-2025-0755",
  "lastModified": "2025-04-24T09:15:29.790",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.9,
        "source": "cna@mongodb.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-18T09:15:11.487",
  "references": [
    {
      "source": "cna@mongodb.com",
      "url": "https://jira.mongodb.org/browse/CDRIVER-5601"
    },
    {
      "source": "cna@mongodb.com",
      "url": "https://jira.mongodb.org/browse/SERVER-94461"
    }
  ],
  "sourceIdentifier": "cna@mongodb.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "cna@mongodb.com",
      "type": "Secondary"
    }
  ]
}

ghsa-x43h-8pfv-xx24

Vulnerability from github

Published

2025-03-18 09:31

Modified

2025-04-24 09:30

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-0755"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-18T09:15:11Z",
    "severity": "HIGH"
  },
  "details": "The various bson_append\u00a0functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16",
  "id": "GHSA-x43h-8pfv-xx24",
  "modified": "2025-04-24T09:30:33Z",
  "published": "2025-03-18T09:31:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0755"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/CDRIVER-5601"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-94461"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-0755 (GCVE-0-2025-0755)

Vulnerability from cvelistv5

wid-sec-w-2025-0587

Vulnerability from csaf_certbund

fkie_cve-2025-0755

Vulnerability from fkie_nvd

ghsa-x43h-8pfv-xx24

Vulnerability from github

Tags

Sightings

Nomenclature