📦

libbson

Vendor: mongodb

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 4 Total Indexed

Avg. EPSS 0.47% Exploit Prob.

Latest CVE CVE-2025-0755 Mar 18

Security Vulnerability Index

Page 1 / 1

8.4 CVSS

CVE-2025-0755

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16

EPSS: 0.15%

Severity: HIGH

Mar 18, 2025

4.0 CVSS

CVE-2024-6381

The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2

EPSS: 0.61%

Severity: MEDIUM

Jul 02, 2024

8.1 CVSS

CVE-2018-16790

_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.

EPSS: 0.66%

Severity: HIGH

Sep 10, 2018

Displaying 3 of 4 Total Entries

Total 1 Sections