{"id":10512,"date":"2025-03-20T09:42:30","date_gmt":"2025-03-20T14:42:30","guid":{"rendered":"https:\/\/beaconlab.us\/?post_type=publicacion&#038;p=10512"},"modified":"2025-03-20T09:44:28","modified_gmt":"2025-03-20T14:44:28","slug":"alerta-2025-22-nueva-vulnerabilidad-en-mongodb","status":"publish","type":"publicacion","link":"https:\/\/beaconlab.us\/es\/publicacion\/alerta-2025-22-nueva-vulnerabilidad-en-mongodb\/","title":{"rendered":"Alert 2025-22 New vulnerability in MongoDB"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Affected product(s):<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>libbson: Versions prior to 1.27.5<\/li>\n\n\n\n<li>MongoDB Server v8.0: Versions prior to 8.0.1<\/li>\n\n\n\n<li>MongoDB Server v7.0: Versions prior to 7.0.16<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Description<\/h2>\n\n\n\n<p>A critical vulnerability has been identified in the MongoDB C driver library that allows a <strong>buffer overflow<\/strong>, tracked as <strong>CVE-2025-0755<\/strong> with a <strong>CVSS of 8.4.<\/strong><\/p>\n\n\n\n<p>Specifically, the flaw lies in the bson_append functions and allows a <strong>buffer overflow<\/strong>, which could cause a segmentation fault and an unexpected application crash. 
The problem occurs when bson_append produces a BSON document that exceeds the maximum allowed size (<strong>INT32_MAX<\/strong>), which can compromise system stability.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Solution<\/h2>\n\n\n\n<p>Updating immediately to the fixed versions is recommended to mitigate the risk of exploitation:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>libbson 1.27.5 or later<\/strong><\/li>\n\n\n\n<li><strong>MongoDB Server v8.0.1 or later<\/strong><\/li>\n\n\n\n<li><strong>MongoDB Server v7.0.16 or later<\/strong><\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/www.mongodb.com\/try\/download\/community\">https:\/\/www.mongodb.com\/try\/download\/community<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Additional information:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.incibe.es\/incibe-cert\/alerta-temprana\/vulnerabilidades\/cve-2025-0755\">https:\/\/www.incibe.es\/incibe-cert\/alerta-temprana\/vulnerabilidades\/cve-2025-0755<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/securityonline.info\/cve-2025-0755-mongodb-c-driver-vulnerability-could-lead-to-buffer-overflow\/\">https:\/\/securityonline.info\/cve-2025-0755-mongodb-c-driver-vulnerability-could-lead-to-buffer-overflow\/<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-0755\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-0755<\/a><\/li>\n<\/ul>\n\n\n\n<p><\/p>\n","protected":false},"featured_media":10513,"template":"","class_list":["post-10512","publicacion","type-publicacion","status-publish","has-post-thumbnail","hentry"],"acf":{"activar_pdf_link":true,"pdf":10518,"numero_de_boletin":"22","traffic_light_protocol":"White"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/10512","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion"}],"about":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/types\/publicacion"}],"version-history":[{"count":2,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/10512\/revisions"}],"predecessor-version":[{"id":10520,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/10512\/revisions\/10520"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/media\/10513"}],"wp:attachment":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/media?parent=10512"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}