CVE-2024-21909

PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger the denial of service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
Configurations

Configuration 1 (hide)

cpe:2.3:a:peteroupc:cbor:*:*:*:*:*:.net:*:*

History

08 Feb 2024, 02:15

Type Values Removed Values Added
CPE cpe:2.3:a:peteroupc:cbor:*:*:*:*:*:net:*:* cpe:2.3:a:peteroupc:cbor:*:*:*:*:*:.net:*:*

11 Jan 2024, 17:50

Type Values Removed Values Added
References () https://github.com/peteroupc/CBOR/commit/b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95 - () https://github.com/peteroupc/CBOR/commit/b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95 - Patch
References () https://vulncheck.com/advisories/vc-advisory-GHSA-6r92-cgxc-r5fg - () https://vulncheck.com/advisories/vc-advisory-GHSA-6r92-cgxc-r5fg - Third Party Advisory
References () https://github.com/peteroupc/CBOR/security/advisories/GHSA-6r92-cgxc-r5fg - () https://github.com/peteroupc/CBOR/security/advisories/GHSA-6r92-cgxc-r5fg - Third Party Advisory
References () https://github.com/advisories/GHSA-6r92-cgxc-r5fg - () https://github.com/advisories/GHSA-6r92-cgxc-r5fg - Third Party Advisory
References () https://github.com/peteroupc/CBOR/compare/v4.5...v4.5.1 - () https://github.com/peteroupc/CBOR/compare/v4.5...v4.5.1 - Release Notes
CPE cpe:2.3:a:peteroupc:cbor:*:*:*:*:*:net:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-407
First Time Peteroupc
Peteroupc cbor

03 Jan 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-03 16:15

Updated : 2024-02-28 20:54


NVD link : CVE-2024-21909

Mitre link : CVE-2024-21909

CVE.ORG link : CVE-2024-21909


JSON object : View

Products Affected

peteroupc

  • cbor
CWE
CWE-407

Inefficient Algorithmic Complexity