PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of
service vulnerability. An attacker may trigger the denial of service
condition by providing crafted data to the DecodeFromBytes or other
decoding mechanisms in PeterO.Cbor. Depending on the usage of the
library, an unauthenticated and remote attacker may be able to cause the
denial of service condition.
References
Link | Resource |
---|---|
https://github.com/advisories/GHSA-6r92-cgxc-r5fg | Third Party Advisory |
https://github.com/peteroupc/CBOR/commit/b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95 | Patch |
https://github.com/peteroupc/CBOR/compare/v4.5...v4.5.1 | Release Notes |
https://github.com/peteroupc/CBOR/security/advisories/GHSA-6r92-cgxc-r5fg | Third Party Advisory |
https://vulncheck.com/advisories/vc-advisory-GHSA-6r92-cgxc-r5fg | Third Party Advisory |
Configurations
History
08 Feb 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:peteroupc:cbor:*:*:*:*:*:.net:*:* |
11 Jan 2024, 17:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/peteroupc/CBOR/commit/b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95 - Patch | |
References | () https://vulncheck.com/advisories/vc-advisory-GHSA-6r92-cgxc-r5fg - Third Party Advisory | |
References | () https://github.com/peteroupc/CBOR/security/advisories/GHSA-6r92-cgxc-r5fg - Third Party Advisory | |
References | () https://github.com/advisories/GHSA-6r92-cgxc-r5fg - Third Party Advisory | |
References | () https://github.com/peteroupc/CBOR/compare/v4.5...v4.5.1 - Release Notes | |
CPE | cpe:2.3:a:peteroupc:cbor:*:*:*:*:*:net:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-407 | |
First Time |
Peteroupc
Peteroupc cbor |
03 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-03 16:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-21909
Mitre link : CVE-2024-21909
CVE.ORG link : CVE-2024-21909
JSON object : View
Products Affected
peteroupc
- cbor
CWE
CWE-407
Inefficient Algorithmic Complexity