CVE-2025-0755
HIGH7.5EPSS 0.15%MongoDB C Driver bson library may be susceptible to buffer overflow
發布日:2025/3/18修改日:2026/4/28
描述
The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16
受影響套件(3)
- Bitnami/mongodb>= 7.0.0, < 7.0.16, >= 8.0.0, < 8.0.1
- Debian/libbson-xs-perlfrom 0, < 0.8.4-1+deb11u1
- Debian/mongo-c-driverfrom 0, < 1.17.6-1+deb11u1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
參考連結(6)
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-0755
- WEBhttps://jira.mongodb.org/browse/CDRIVER-5601
- WEBhttps://jira.mongodb.org/browse/SERVER-94461
- WEBhttps://lists.debian.org/debian-lts-announce/2025/05/msg00012.html
- WEBhttps://lists.debian.org/debian-lts-announce/2025/05/msg00027.html
- WEBhttps://nvd.nist.gov/vuln/detail/CVE-2025-0755