CVE-2025-0755

MongoDB C Driver bson library may be susceptible to buffer overflow

CVSS 8.4 HIGHEPSS 0.7%CWE-122

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.4EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

18 mar 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

MongoDB Inc · libbson MongoDB Inc · MongoDB Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://jira.mongodb.org/browse/CDRIVER-5601 https://jira.mongodb.org/browse/SERVER-94461 https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html