CVE-2025-0755
PUBLISHED
The various bson_append functions in the MongoDB C driver library may be susceptible to a buffer overflow when performing operations that could result in a final BSON document that exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and a possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1, and MongoDB Server v7.0 versions prior to 7.0.16.
Risk Scores
EPSS Score: 0.15% (35.0th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | mongodb | 7.0.0, 8.0.0 |
Timeline
- Mar 18, 2025 EPSS Score
- Mar 18, 2025 CVE Published
- Mar 19, 2025 Coalition ESS Score
- Mar 31, 2025 EPSS Score
- Apr 14, 2025 EPSS Score
- Apr 27, 2025 EPSS Score
- May 11, 2025 EPSS Score
- May 24, 2025 EPSS Score
- Jun 6, 2025 EPSS Score
- Jun 10, 2025 Coalition ESS Score
- Jun 20, 2025 EPSS Score
- Jul 3, 2025 EPSS Score
References
- https://jira.mongodb.org/browse/CDRIVER-5601
- https://jira.mongodb.org/browse/SERVER-94461
- https://nvd.nist.gov/vuln/detail/CVE-2025-0755
- https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html
- Multiple vulnerabilities in IBM products (advisory)