CVE-2025-12119

NameCVE-2025-12119
DescriptionA mongoc_bulk_operation_t may read invalid memory if large options are passed.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-4438-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mongo-c-driver (PTS)bullseye1.17.6-1vulnerable
bullseye (security)1.17.6-1+deb11u2fixed
bookworm1.23.1-1+deb12u2fixed
trixie1.30.4-1+deb13u1fixed
forky, sid2.2.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mongo-c-driversourcebullseye1.17.6-1+deb11u2DLA-4438-1
mongo-c-driversourcebookworm1.23.1-1+deb12u2
mongo-c-driversourcetrixie1.30.4-1+deb13u1
mongo-c-driversource(unstable)2.1.2-1

Notes

https://github.com/mongodb/mongo-c-driver/pull/2132
Search for package or bug name: Reporting problems