Description
BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.
References (2)
Core 2
Core References
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html
Various Sources vendor-advisory
https://www.mongodb.com/community/forums/t/mongodb-perl-driver-end-of-life/7890
Scores
CVSS v3
9.8
EPSS
0.0060
EPSS Percentile
69.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-1104
CWE-122
CWE-190
Status
published
Products (1)
MONGODB/BSON::XS
< 0.8.4
Published
May 16, 2025
Tracked Since
Feb 18, 2026