Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-94461

Upgrade mongo-c-driver to 1.27.5+

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 8.1.0-rc0, 8.0.1, 7.0.16
    • Affects Version/s: None
    • Component/s: None
    • None
    • Server Security
    • Fully Compatible
    • v8.0, v7.0, v6.0, v5.0
    • Security 2024-09-16

      CVE ID:
      CVE-2025-0755

      Title:
      MongoDB C Driver bson library may be susceptible to buffer overflow

      Description:
      The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16

      CWE:

      CWE-122: Heap-based Buffer Overflow

      CVSS Score: 

      8.4 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

      List all affected product versions:
      libbson versions prior to 1.27.5

      MongoDB Server v8.0 versions prior to 8.0.1

      MongoDB Server v7.0 versions prior to 7.0.16

      Credit:

      selmelc

            Assignee:
            sara.golemon@mongodb.com Sara Golemon (Inactive)
            Reporter:
            ryan.chipman@mongodb.com Ryan Chipman
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: