CVE-2025-0755
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-0755
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-0755.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-0755
- Aliases
- Downstream
- Published
- 2025-03-18T09:15:11Z
- Modified
- 2025-10-16T18:40:56.710772Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The various bsonappend functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16
- References
Affected packages
Git / github.com/mongodb/mongo
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mongodb/mongo
- Events
- Type
- GIT
- Repo
- https://github.com/mongodb/mongo-c-driver
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.90.0
0.92.0
0.92.2
0.94.0
0.94.2
0.96.0
0.96.4
0.98.0
0.98.2
1.*
1.0.0
1.0.2
1.1.0
1.1.0-rc0
1.1.10
1.1.11
1.1.2
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.11.0
1.2.0
1.2.0-beta
1.2.0-beta1
1.2.0-rc0
1.2.1
1.27.0
1.27.1
1.27.2
1.27.3
1.27.4
1.3.0
1.3.0-rc0
1.4.0-beta1
1.5.0-rc0
1.5.0-rc1
1.5.0-rc2
1.5.0-rc3
1.5.0-rc4
1.6.0
1.6.0-rc0
1.7.0-rc0
1.9.0-rc0
1.9.0-rc1
r7.*
r7.0.0
r7.0.1
r7.0.1-rc0
r7.0.10
r7.0.10-rc0
r7.0.11
r7.0.11-rc0
r7.0.11-rc1
r7.0.11-rc2
r7.0.12
r7.0.12-rc0
r7.0.12-rc1
r7.0.13
r7.0.13-rc0
r7.0.13-rc1
r7.0.14
r7.0.14-rc0
r7.0.15
r7.0.15-rc0
r7.0.15-rc1
r7.0.2
r7.0.2-rc0
r7.0.2-rc1
r7.0.2-rc2
r7.0.3
r7.0.3-rc0
r7.0.3-rc1
r7.0.4
r7.0.4-rc0
r7.0.5
r7.0.5-rc0
r7.0.6
r7.0.6-rc0
r7.0.7
r7.0.7-rc0
r7.0.7-rc1
r7.0.7-rc2
r7.0.8
r7.0.8-rc0
r7.0.9
r7.0.9-rc0
r7.0.9-rc1
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"id": "CVE-2025-0755-f4e7f784",
"source": "https://github.com/mongodb/mongo/commit/83c3f10433284e1296498e90d8e1439af951deec",
"signature_version": "v1",
"target": {
"file": "src/mongo/bson/bsonelement.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"289615031260393640600166978000810598326",
"174263353031095360354811222590375994238",
"37893113743661401367433766006617245139",
"198144288324145422179690954053153156848",
"36736246737633378293539884485657169555",
"107960196219712511888740040531924676267",
"206814875902817473337604736024570314060",
"53794623527901874886021005038858917961",
"86216376997418627178498948009103823509",
"288140461283838078858484965111659814713",
"10494605545332134506779439480935528073",
"247093533371582096541006174949470880670",
"238562345504294130821711521928913826245",
"40087696666882332579116474790751576649",
"178274430025655671790804198721508786684",
"305981361343553242930562815423828793219",
"5425285738287593101438645327605096452",
"156448683704151910540358080284558968747",
"211541693896111393054536435571123395187",
"270125743232337666654344342259579419777",
"199307348140951533813034461210201531339",
"158338784605393838348032193174577480773",
"192065423660775606198050130755657769016",
"164808174757467748202056433614118846976",
"257873045955097889346597301578982132831",
"206036861653635625985012625410408853630",
"33564014120465565687393381457032042640",
"203221042432156515722803349853247916204",
"76821125106791797375526121394193145082",
"155500411777895219702765076758184467317"
]
},
"deprecated": false
}
]