CVE-2024-26134
CBOR2 decoder has potential buffer overflow
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Productos afectados
agronholm · cbor2¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542https://github.com/agronholm/cbor2/commit/4de6991ba29bf2290d7b9d83525eda7d021873dfhttps://github.com/agronholm/cbor2/pull/204https://github.com/agronholm/cbor2/releases/tag/5.6.2https://github.com/agronholm/cbor2/security/advisories/GHSA-375g-39jq-vq7mhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BT42VXZMMMCSSHMA65KKPOZCXJEYHNR5/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX524ZG2XJWFV37UQKQ4LWIH4UICSGEQ/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWC3VU6YV6EXKCSX5GTKWLBZIDIJNQJY/