Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-0755

Опубликовано: 18 мар. 2025
Источник: debian
EPSS Низкий

Описание

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libbson-xs-perlremovedpackage
libbson-xs-perlfixed0.8.4-2+deb12u1bookwormpackage
mongo-c-driverfixed1.27.5-1package
mongo-c-driverfixed1.23.1-1+deb12u1bookwormpackage

Примечания

  • https://jira.mongodb.org/browse/SERVER-94461

  • Fixed by: https://github.com/mongodb/mongo-c-driver/commit/63c3d6f70180f151ffd201376eb33793357e5418 (1.28.0)

  • Fixed by: https://github.com/mongodb/mongo-c-driver/commit/d3cdb626be30748b9360451023c75438ec346a38 (1.27.5)

EPSS

Процентиль: 6%
0.00028
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-0755

CVSS3: 8.4
ubuntu
6 месяцев назад

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16

nvd логотип

CVE-2025-0755

CVSS3: 8.4
nvd
6 месяцев назад

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16

github логотип

GHSA-x43h-8pfv-xx24

CVSS3: 8.4
github
6 месяцев назад

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16

fstec логотип

BDU:2025-03276

CVSS3: 8.4
fstec
около 1 года назад

Уязвимость функции bson_append() библиотеки libbson драйвера MongoDB C Driver системы управления базами данных MongoDB, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

redos логотип

ROS-20250903-01

CVSS3: 8.4
redos
9 дней назад

Множественные уязвимости libbson

EPSS

Процентиль: 6%
0.00028
Низкий