CVE-2025-0755

Source
https://cve.org/CVERecord?id=CVE-2025-0755
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0755.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-0755
Aliases
Downstream
Published
2025-03-18T09:15:11.487Z
Modified
2026-04-12T17:35:43.771681Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16.

References

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type
GIT
Repo
https://github.com/mongodb/mongo
Events
Introduced
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.0.16"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/mongodb/mongo-c-driver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.27.5"
        }
    ]
}

Affected versions

0.*
0.9.1
0.90.0
0.92.0
0.92.2
0.94.0
0.94.2
0.96.0
0.96.4
0.98.0
0.98.2
1.*
1.0.0
1.0.2
1.1.0
1.1.0-rc0
1.1.10
1.1.11
1.1.2
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.11.0
1.27.0
1.27.1
1.27.2
1.27.3
1.27.4
1.3.0
1.3.0-rc0
1.4.0-beta1
1.5.0-rc0
1.5.0-rc1
1.5.0-rc2
1.5.0-rc3
1.5.0-rc4
1.6.0
1.6.0-rc0
1.7-cut
1.7.0-rc0
1.9.0-rc0
1.9.0-rc1
r0.*
r0.0.3
r0.0.4_rc1
r0.0.6_rc1
r0.0.7_rc1
r0.0.7_rc2
r0.0.7_rc3
r0.0.7_rc4
r0.0.9_rc1
r0.1.0_rc1
r0.1.2_rc1
r0.1.3_rc1
r0.1.4_rc1
r0.1.5_rc1
r0.1.6_rc1
r0.2.1
r0.9.1
r0.9.10
r0.9.5
r0.9.6
r0.9.8
r0.9.9
r1.*
r1.1.1
r1.1.3
r1.3.0
r1.3.4
r1.5.0
r1.5.1
r1.5.2
r1.5.5
r1.5.6
r1.7.5
r1.7.6
r1.8.0-rc0
r2.*
r2.1.1
r2.1.2
r2.2.0-rc0
r2.3.1
r2.3.2
r2.4.0-rc0
r2.4.0-rc1
r2.4.0-rc2
r2.4.0.rc1
r2.5.1
r2.5.2
r2.5.3
r2.5.4
r2.5.5
r2.6.0-rc0
r2.6.0-rc1
r2.7.0
r2.7.1
r2.7.2
r2.7.3
r2.7.4
r2.7.5
r2.7.6
r2.7.7
r2.7.8
r2.8.0-rc0
r2.8.0-rc1
r2.8.0-rc2
r2.8.0-rc3
r2.8.0-rc4
r2.8.0-rc5
r3.*
r3.1.0
r3.1.1
r3.1.2
r3.1.3
r3.1.4
r3.1.5
r3.1.6
r3.1.7
r3.1.8
r3.1.9
r3.2.0
r3.2.0-rc0
r3.2.0-rc1
r3.2.0-rc2
r3.2.0-rc3
r3.2.0-rc4
r3.2.0-rc5
r3.2.0-rc6
r3.3.0
r3.3.1
r3.3.10
r3.3.11
r3.3.12
r3.3.13
r3.3.14
r3.3.15
r3.3.2
r3.3.3
r3.3.4
r3.3.5
r3.3.6
r3.3.7
r3.3.8
r3.3.9
r3.4.0-rc0
r3.4.0-rc1
r3.4.0-rc2
r3.4.0-rc3
r3.5.0
r3.5.1
r3.5.10
r3.5.11
r3.5.12
r3.5.13
r3.5.2
r3.5.3
r3.5.4
r3.5.5
r3.5.6
r3.5.7
r3.5.8
r3.5.9
r3.6.0-rc0
r3.6.0-rc1
r3.6.0-rc2
r3.6.0-rc3
r3.6.0-rc4
r3.7.0
r3.7.1
r3.7.2
r3.7.3
r3.7.4
r3.7.5
r3.7.6
r3.7.7
r3.7.8
r3.7.9
r4.*
r4.0.0-rc0
r4.1.0
r4.1.1
r4.1.10
r4.1.11
r4.1.12
r4.1.13
r4.1.2
r4.1.3
r4.1.4
r4.1.5
r4.1.6
r4.1.7
r4.1.8
r4.1.9
r4.3.0
r4.3.1
r4.3.2
r4.3.3
r4.3.4
r4.5.0
r4.8.0-alpha
r4.9.0-alpha
r4.9.0-alpha0
r4.9.0-alpha1
r4.9.0-alpha2
r4.9.0-alpha3
r4.9.0-alpha4
r4.9.0-alpha5
r4.9.0-alpha6
r4.9.0-alpha7
r5.*
r5.0.0-alpha
r5.0.0-alpha0
r5.1.0-alpha
r5.2.0-alpha
r5.3.0-alpha
r5.3.0-alpha0
r5.3.0-alpha1
r5.3.0-alpha2
r5.3.0-alpha3
r5.3.0-alpha4
r6.*
r6.0.0-alpha
r6.0.0-alpha0
r6.0.0-alpha1
r6.1.0-alpha
r6.2.0-alpha
r6.3.0-alpha
r6.3.0-alpha0
r6.3.0-rc0
r7.*
r7.0.0
r7.0.0-alpha
r7.0.0-alpha0
r7.0.1
r7.0.1-rc0
r7.0.10
r7.0.10-rc0
r7.0.11
r7.0.11-rc0
r7.0.11-rc1
r7.0.11-rc2
r7.0.12
r7.0.12-rc0
r7.0.12-rc1
r7.0.13
r7.0.13-rc0
r7.0.13-rc1
r7.0.14
r7.0.14-rc0
r7.0.15
r7.0.15-rc0
r7.0.15-rc1
r7.0.2
r7.0.2-rc0
r7.0.2-rc1
r7.0.2-rc2
r7.0.3
r7.0.3-rc0
r7.0.3-rc1
r7.0.4
r7.0.4-rc0
r7.0.5
r7.0.5-rc0
r7.0.6
r7.0.6-rc0
r7.0.7
r7.0.7-rc0
r7.0.7-rc1
r7.0.7-rc2
r7.0.8
r7.0.8-rc0
r7.0.9
r7.0.9-rc0
r7.0.9-rc1
r7.1.0-alpha
r7.1.0-alpha0
r7.2.0-alpha
r7.2.0-alpha0
r7.3.0-alpha
r7.3.0-alpha0
r7.3.0-alpha1
r7.3.0-rc0
r8.*
r8.0.0
r8.0.0-alpha
r8.0.0-alpha0
r8.0.0-alpha1
r8.0.0-alpha2
r8.0.0-rc0
r8.0.0-rc1
r8.0.0-rc10
r8.0.0-rc11
r8.0.0-rc12
r8.0.0-rc13
r8.0.0-rc14
r8.0.0-rc15
r8.0.0-rc16
r8.0.0-rc17
r8.0.0-rc18
r8.0.0-rc19
r8.0.0-rc2
r8.0.0-rc20
r8.0.0-rc3
r8.0.0-rc4
r8.0.0-rc5
r8.0.0-rc6
r8.0.0-rc7
r8.0.0-rc8
r8.0.0-rc9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0755.json"
vanir_signatures
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "id": "CVE-2025-0755-f4e7f784",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/mongodb/mongo/commit/83c3f10433284e1296498e90d8e1439af951deec",
        "target": {
            "file": "src/mongo/bson/bsonelement.cpp"
        }
    }
]
vanir_signatures_modified
"2026-04-12T17:35:43Z"