{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-0755","assignerOrgId":"a39b4221-9bd0-4244-95fc-f3e2e07f1deb","state":"PUBLISHED","assignerShortName":"mongodb","dateReserved":"2025-01-27T16:13:12.042Z","datePublished":"2025-03-18T09:01:04.793Z","dateUpdated":"2025-11-03T19:35:09.738Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:mongodb:libbson:0.2.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.2.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.2.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.4.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.5.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.6.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.6.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.6.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.6.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.6.8:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.8.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.8.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.8.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.98.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.0.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.7:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.8:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.9:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.10:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.11:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.2.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.2.0:beta1:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.2.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.2.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.2.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.2.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.2.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.0:beta0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.4.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.4.0:beta0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.4.0:beta1:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.4.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.4.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.4.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.0:rc1:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.0:rc2:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.0:rc3:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.0:rc4:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.0:rc6:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.6.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.6.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.6.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.6.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.6.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.7.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.7.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.7.0:rc1:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.7.0:rc2:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.8.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.8.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.8.0:rc1:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.8.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.8.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.9.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.9.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.9.0:rc1:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.9.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.9.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.9.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.9.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.9.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.10.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.10.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.10.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.10.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.11.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.12.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.13.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.13.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.14.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.14.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.15.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.15.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.15.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.15.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.16.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.16.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.16.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.17.0:beta:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.17.0:beta2:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.17.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.17.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.17.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.17.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.17.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.17.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.17.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.17.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.17.7:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.18.0:alpha:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.18.0:alpha2:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.18.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.19.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.19.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.19.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.20.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.20.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.21.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.21.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.21.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.22.0:beta0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.22.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.22.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.22.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.23.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.23.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.23.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.23.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.23.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.23.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.24.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.24.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.24.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.24.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.24.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.25.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.25.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.25.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.25.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.25.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.26.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.26.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.26.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.27.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.27.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.27.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.27.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.27.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.27.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"libbson","vendor":"MongoDB Inc","versions":[{"lessThan":"1.27.5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"MongoDB Server","vendor":"MongoDB Inc","versions":[{"lessThan":"8.0.1","status":"affected","version":"8.0","versionType":"custom"},{"lessThan":"7.0.16","status":"affected","version":"7.0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"selmelc"}],"datePublic":"2025-03-18T09:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>The various <tt>bson_append</tt>&nbsp;functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16</p>"}],"value":"The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-122","description":"CWE-122: Heap-based Buffer Overflow","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"a39b4221-9bd0-4244-95fc-f3e2e07f1deb","shortName":"mongodb","dateUpdated":"2025-04-24T08:42:52.079Z"},"references":[{"url":"https://jira.mongodb.org/browse/SERVER-94461"},{"url":"https://jira.mongodb.org/browse/CDRIVER-5601"}],"source":{"discovery":"EXTERNAL"},"title":"MongoDB C Driver bson library may be susceptible to buffer overflow","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-18T13:20:06.283556Z","id":"CVE-2025-0755","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-18T13:20:24.560Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:35:09.738Z"}}]}}