{"id":"CVE-2025-0755","details":"The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16","aliases":["BIT-mongodb-2025-0755"],"modified":"2026-04-12T17:35:43.771681Z","published":"2025-03-18T09:15:11.487Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html"},{"type":"REPORT","url":"https://jira.mongodb.org/browse/CDRIVER-5601"},{"type":"REPORT","url":"https://jira.mongodb.org/browse/SERVER-94461"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"37d84072b5c5b9fd723db5fa133fb202ad2317f1"},{"fixed":"83c3f10433284e1296498e90d8e1439af951deec"},{"introduced":"0"},{"last_affected":"b41cda4fe697dce6fd9b83b3805362ccc02fbeb3"}],"database_specific":{"versions":[{"introduced":"7.0.0"},{"fixed":"7.0.16"},{"introduced":"0"},{"last_affected":"8.0.0"}]}},{"type":"GIT","repo":"https://github.com/mongodb/mongo-c-driver","events":[{"introduced":"0"},{"fixed":"01decf26c18b1b89d97d3b55317910a3460741ae"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.27.5"}]}}],"versions":["0.9.1","0.90.0","0.92.0","0.92.2","0.94.0","0.94.2","0.96.0","0.96.4","0.98.0","0.98.2","1.0.0","1.0.2","1.1.0","1.1.0-rc0","1.1.10","1.1.11","1.1.2","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9","1.11.0","1.27.0","1.27.1","1.27.2","1.27.3","1.27.4","1.3.0","1.3.0-rc0","1.4.0-beta1","1.5.0-rc0","1.5.0-rc1","1.5.0-rc2","1.5.0-rc3","1.5.0-rc4","1.6.0","1.6.0-rc0","1.7-cut","1.7.0-rc0","1.9.0-rc0","1.9.0-rc1","r0.0.3","r0.0.4_rc1","r0.0.6_rc1","r0.0.7_rc1","r0.0.7_rc2","r0.0.7_rc3","r0.0.7_rc4","r0.0.9_rc1","r0.1.0_rc1","r0.1.2_rc1","r0.1.3_rc1","r0.1.4_rc1","r0.1.5_rc1","r0.1.6_rc1","r0.2.1","r0.9.1","r0.9.10","r0.9.5","r0.9.6","r0.9.8","r0.9.9","r1.1.1","r1.1.3","r1.3.0","r1.3.4","r1.5.0","r1.5.1","r1.5.2","r1.5.5","r1.5.6","r1.7.5","r1.7.6","r1.8.0-rc0","r2.1.1","r2.1.2","r2.2.0-rc0","r2.3.1","r2.3.2","r2.4.0-rc0","r2.4.0-rc1","r2.4.0-rc2","r2.4.0.rc1","r2.5.1","r2.5.2","r2.5.3","r2.5.4","r2.5.5","r2.6.0-rc0","r2.6.0-rc1","r2.7.0","r2.7.1","r2.7.2","r2.7.3","r2.7.4","r2.7.5","r2.7.6","r2.7.7","r2.7.8","r2.8.0-rc0","r2.8.0-rc1","r2.8.0-rc2","r2.8.0-rc3","r2.8.0-rc4","r2.8.0-rc5","r3.1.0","r3.1.1","r3.1.2","r3.1.3","r3.1.4","r3.1.5","r3.1.6","r3.1.7","r3.1.8","r3.1.9","r3.2.0","r3.2.0-rc0","r3.2.0-rc1","r3.2.0-rc2","r3.2.0-rc3","r3.2.0-rc4","r3.2.0-rc5","r3.2.0-rc6","r3.3.0","r3.3.1","r3.3.10","r3.3.11","r3.3.12","r3.3.13","r3.3.14","r3.3.15","r3.3.2","r3.3.3","r3.3.4","r3.3.5","r3.3.6","r3.3.7","r3.3.8","r3.3.9","r3.4.0-rc0","r3.4.0-rc1","r3.4.0-rc2","r3.4.0-rc3","r3.5.0","r3.5.1","r3.5.10","r3.5.11","r3.5.12","r3.5.13","r3.5.2","r3.5.3","r3.5.4","r3.5.5","r3.5.6","r3.5.7","r3.5.8","r3.5.9","r3.6.0-rc0","r3.6.0-rc1","r3.6.0-rc2","r3.6.0-rc3","r3.6.0-rc4","r3.7.0","r3.7.1","r3.7.2","r3.7.3","r3.7.4","r3.7.5","r3.7.6","r3.7.7","r3.7.8","r3.7.9","r4.0.0-rc0","r4.1.0","r4.1.1","r4.1.10","r4.1.11","r4.1.12","r4.1.13","r4.1.2","r4.1.3","r4.1.4","r4.1.5","r4.1.6","r4.1.7","r4.1.8","r4.1.9","r4.3.0","r4.3.1","r4.3.2","r4.3.3","r4.3.4","r4.5.0","r4.8.0-alpha","r4.9.0-alpha","r4.9.0-alpha0","r4.9.0-alpha1","r4.9.0-alpha2","r4.9.0-alpha3","r4.9.0-alpha4","r4.9.0-alpha5","r4.9.0-alpha6","r4.9.0-alpha7","r5.0.0-alpha","r5.0.0-alpha0","r5.1.0-alpha","r5.2.0-alpha","r5.3.0-alpha","r5.3.0-alpha0","r5.3.0-alpha1","r5.3.0-alpha2","r5.3.0-alpha3","r5.3.0-alpha4","r6.0.0-alpha","r6.0.0-alpha0","r6.0.0-alpha1","r6.1.0-alpha","r6.2.0-alpha","r6.3.0-alpha","r6.3.0-alpha0","r6.3.0-rc0","r7.0.0","r7.0.0-alpha","r7.0.0-alpha0","r7.0.1","r7.0.1-rc0","r7.0.10","r7.0.10-rc0","r7.0.11","r7.0.11-rc0","r7.0.11-rc1","r7.0.11-rc2","r7.0.12","r7.0.12-rc0","r7.0.12-rc1","r7.0.13","r7.0.13-rc0","r7.0.13-rc1","r7.0.14","r7.0.14-rc0","r7.0.15","r7.0.15-rc0","r7.0.15-rc1","r7.0.2","r7.0.2-rc0","r7.0.2-rc1","r7.0.2-rc2","r7.0.3","r7.0.3-rc0","r7.0.3-rc1","r7.0.4","r7.0.4-rc0","r7.0.5","r7.0.5-rc0","r7.0.6","r7.0.6-rc0","r7.0.7","r7.0.7-rc0","r7.0.7-rc1","r7.0.7-rc2","r7.0.8","r7.0.8-rc0","r7.0.9","r7.0.9-rc0","r7.0.9-rc1","r7.1.0-alpha","r7.1.0-alpha0","r7.2.0-alpha","r7.2.0-alpha0","r7.3.0-alpha","r7.3.0-alpha0","r7.3.0-alpha1","r7.3.0-rc0","r8.0.0","r8.0.0-alpha","r8.0.0-alpha0","r8.0.0-alpha1","r8.0.0-alpha2","r8.0.0-rc0","r8.0.0-rc1","r8.0.0-rc10","r8.0.0-rc11","r8.0.0-rc12","r8.0.0-rc13","r8.0.0-rc14","r8.0.0-rc15","r8.0.0-rc16","r8.0.0-rc17","r8.0.0-rc18","r8.0.0-rc19","r8.0.0-rc2","r8.0.0-rc20","r8.0.0-rc3","r8.0.0-rc4","r8.0.0-rc5","r8.0.0-rc6","r8.0.0-rc7","r8.0.0-rc8","r8.0.0-rc9"],"database_specific":{"vanir_signatures_modified":"2026-04-12T17:35:43Z","vanir_signatures":[{"signature_type":"Line","target":{"file":"src/mongo/bson/bsonelement.cpp"},"source":"https://github.com/mongodb/mongo/commit/83c3f10433284e1296498e90d8e1439af951deec","digest":{"line_hashes":["289615031260393640600166978000810598326","174263353031095360354811222590375994238","37893113743661401367433766006617245139","198144288324145422179690954053153156848","36736246737633378293539884485657169555","107960196219712511888740040531924676267","206814875902817473337604736024570314060","53794623527901874886021005038858917961","86216376997418627178498948009103823509","288140461283838078858484965111659814713","10494605545332134506779439480935528073","247093533371582096541006174949470880670","238562345504294130821711521928913826245","40087696666882332579116474790751576649","178274430025655671790804198721508786684","305981361343553242930562815423828793219","5425285738287593101438645327605096452","156448683704151910540358080284558968747","211541693896111393054536435571123395187","270125743232337666654344342259579419777","199307348140951533813034461210201531339","158338784605393838348032193174577480773","192065423660775606198050130755657769016","164808174757467748202056433614118846976","257873045955097889346597301578982132831","206036861653635625985012625410408853630","33564014120465565687393381457032042640","203221042432156515722803349853247916204","76821125106791797375526121394193145082","155500411777895219702765076758184467317"],"threshold":0.9},"deprecated":false,"id":"CVE-2025-0755-f4e7f784","signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0755.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}