exploitDog

CVE-2025-0755

Published: 18 Mar 2025
Source: ubuntu
Priority: medium
EPSS: Low
CVSS3: 8.4

Description

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16

| Release | Status | Note |
|---|---|---|
| devel | not-affected | |
| esm-apps/focal | ignored | changes too intrusive |
| esm-apps/jammy | ignored | changes too intrusive |
| esm-apps/noble | released | 1.26.0-1.1ubuntu2+esm1 |
| focal | ignored | end of standard support, was needs-triage |
| jammy | ignored | changes too intrusive |
| noble | needed | |
| oracular | not-affected | 1.27.5-1 |
| plucky | not-affected | |
| questing | not-affected | |

EPSS: 0.00199 (Low), percentile: 42%

CVSS3: 8.4 High

Related vulnerabilities

CVSS3: 8.4
nvd
10 months ago

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16

CVSS3: 8.4
debian
10 months ago

The various bson_append functions in the MongoDB C driver library may b ...

CVSS3: 8.4
github
10 months ago

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16

CVSS3: 8.4
fstec
more than 1 year ago

Vulnerability in the bson_append() function of the libbson library of the MongoDB C Driver for the MongoDB database management system, allowing an attacker to execute arbitrary code or cause a denial of service

CVSS3: 8.4
redos
5 months ago

Multiple vulnerabilities in libbson
