CVE-2025-0755

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jira.mongodb.org/browse/CDRIVER-5601
https://jira.mongodb.org/browse/SERVER-94461

Configurations

No configuration.

History

24 Apr 2025, 09:15

Type	Values Removed	Values Added
References		() https://jira.mongodb.org/browse/CDRIVER-5601 -
Summary		(es) Las diversas funciones bson_append de la librería del controlador C de MongoDB pueden ser susceptibles a desbordamientos de búfer al realizar operaciones que podrían generar un documento BSON final que supere el tamaño máximo permitido (INT32_MAX), lo que provocaría un fallo de segmentación y un posible bloqueo de la aplicación. Este problema afectaba a las versiones de libbson anteriores a la 1.27.5, a las versiones de MongoDB Server v8.0 anteriores a la 8.0.1 y a las versiones de MongoDB Server v7.0 anteriores a la 7.0.16.

18 Mar 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-18 09:15

Updated : 2025-04-24 09:15

NVD link : CVE-2025-0755

Mitre link : CVE-2025-0755

CVE.ORG link : CVE-2025-0755

JSON object : View

Products Affected

No product.

CWE

CWE-122

Heap-based Buffer Overflow

8.4 /10