MongoDB Libbson 1.23.4
Approved changes feed: RSS · Atom
cpe:2.3:a:mongodb:libbson:1.23.4:*:*:*:*:*:*:*
part: a version: 1.23.4 update: *
| Vendor | Mongodb (1aa156a6-63a9-5032-baaf-10197d408a1e) |
|---|---|
| Product | Libbson (a272f9de-eb91-58f1-be13-44c7e288aa35) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/libbson |
purl2cpe | 2026-06-01 10:11:17.690196 |
pkg:deb/ubuntu/libbson |
purl2cpe | 2026-06-01 10:11:17.690198 |
pkg:github/mongodb/libbson |
purl2cpe | 2026-06-01 10:11:17.690199 |
pkg:github/mongodb/mongo-c-driver |
purl2cpe | 2026-06-01 10:11:17.690200 |
pkg:rpm/fedora/libbson |
purl2cpe | 2026-06-01 10:11:17.690202 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-0755 |
vulnerable | 2026-06-03 14:58:32.839250 |
MongoDB C Driver bson library may be susceptible to buffer overflow
HIGH (8.4)
The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16
Published: 2025-03-18T09:01:04.793Z
Updated: 2025-11-03T19:35:09.738Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-6381 |
vulnerable | 2026-06-03 14:58:02.901751 |
MongoDB C Driver bson_strfreev may be susceptible to integer overflow
MEDIUM (4)
The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2
Published: 2024-07-02T17:14:48.908Z
Updated: 2025-11-03T19:34:28.669Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.