Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-5601

[mongoc/libbson] bson_append_utf8 heap buffer overflow

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 1.28.0, 1.27.5
    • Affects Version/s: None
    • Component/s: None
    • None
    • None
    • C Drivers
    • Not Needed
    • None
    • None
    • None
    • None
    • None
    • None

      CVE ID:
      CVE-2025-0755

      Title:
      MongoDB C Driver bson library may be susceptible to buffer overflow

      Description:
      The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16

      CWE:

      CWE-122: Heap-based Buffer Overflow

      CVSS Score: 

      8.4 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

      List all affected product versions:
      libbson versions prior to 1.27.5

      MongoDB Server v8.0 versions prior to 8.0.1

      MongoDB Server v7.0 versions prior to 7.0.16

      Credit:

      selmelc

            Assignee:
            roberto.sanchez@mongodb.com Roberto Sanchez
            Reporter:
            karman.liu@mongodb.com Karman Liu
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: