Security Advisories (3)
CVE-2025-40906 (2025-05-16)

BSON::XS versions 0.8.4 and earlier for Perl include a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.

CVE-2024-6383 (2024-07-03)

The bson_string_append function in the MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small a buffer, which may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1.

CVE-2023-0437 (2024-01-12)

When calling bson_utf8_validate on some inputs, a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects all MongoDB C Driver versions prior to version 1.25.0.

NAME

BSON::XS - XS implementation of MongoDB's BSON serialization (EOL)

VERSION

version v0.8.4

END OF LIFE NOTICE

Version v0.8.0 was the final feature release of the MongoDB BSON::XS library and v0.8.4 is the final patch release.

As of August 13, 2020, the MongoDB Perl driver and related libraries have reached end of life and are no longer supported by MongoDB. See the August 2019 deprecation notice for rationale.

If members of the community wish to continue development, they are welcome to fork the code under the terms of the Apache 2 license and release it under a new namespace. Specifications and test files for MongoDB drivers and libraries are published in an open repository: mongodb/specifications.

DESCRIPTION

This module contains an XS implementation for BSON encoding and decoding. There is no public API. Use the BSON module and it will choose the best implementation for you.
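Because BSON picks its implementation for you, an application can run the bundled libbson described in CVE-2025-40906 without naming BSON::XS anywhere in its own code. The audit script below is an added example, not code from the BSON::XS distribution; the sub names `classify` and `find_copies` are illustrative, and it assumes Module::Metadata is installed and that the compiled object sits in the usual `auto/` directory beside the `.pm` file.

```perl
#!/usr/bin/env perl
# Added example, not part of the BSON::XS distribution.
# Lists every BSON::XS copy on @INC without loading its XS code.
use strict;
use warnings;
use Config;              # $Config{dlext}: shared-object extension on this platform
use Module::Metadata;    # reads $VERSION from the .pm without loading the module
use version;

# Last release named in CVE-2025-40906. The distribution is end-of-life, so
# there is no fixed release to upgrade to.
my $LAST_AFFECTED = version->parse('v0.8.4');

# Compare a version string with the advisory range ("0.8.4 and earlier").
sub classify {
    my ($v) = @_;
    my $parsed = defined $v ? eval { version->parse($v) } : undef;
    return 'version unknown' unless defined $parsed;
    return $parsed <= $LAST_AFFECTED ? 'affected' : 'outside advisory range';
}

# Return one record per BSON/XS.pm found under the given directories.
sub find_copies {
    my (@dirs) = @_;
    my @found;
    for my $dir (grep { !ref } @dirs) {    # skip coderef @INC hooks
        my $pm = "$dir/BSON/XS.pm";
        next unless -f $pm;
        my $meta = Module::Metadata->new_from_file($pm);
        my $ver  = $meta ? $meta->version('BSON::XS') : undef;
        my $so   = "$dir/auto/BSON/XS/XS.$Config{dlext}";    # assumed standard XS layout
        push @found, {
            pm      => $pm,
            version => defined $ver ? "$ver" : undef,
            object  => -f $so ? $so : undef,    # compiled code, including bundled libbson
        };
    }
    return @found;
}

my @copies = find_copies(@INC);
print "BSON::XS not found on \@INC\n" unless @copies;
for my $c (@copies) {
    printf "%s: %s (%s)\n", $c->{pm}, $c->{version} // 'no $VERSION', classify( $c->{version} );
    printf "  compiled object: %s\n", $c->{object} // 'not found beside this copy';
}
exit( @copies ? 1 : 0 );    # non-zero exit lets a CI job fail when a copy is present
```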

AUTHOR

David Golden <david@mongodb.com>

CONTRIBUTOR

Paul "LeoNerd" Evans <leonerd@leonerd.org.uk>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2020 by MongoDB, Inc.

This is free software, licensed under:

The Apache License, Version 2.0, January 2004