CVE-2024-26134
CBOR2 decoder has potential buffer overflow
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
agronholm · cbor2Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542https://github.com/agronholm/cbor2/commit/4de6991ba29bf2290d7b9d83525eda7d021873dfhttps://github.com/agronholm/cbor2/pull/204https://github.com/agronholm/cbor2/releases/tag/5.6.2https://github.com/agronholm/cbor2/security/advisories/GHSA-375g-39jq-vq7mhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BT42VXZMMMCSSHMA65KKPOZCXJEYHNR5/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX524ZG2XJWFV37UQKQ4LWIH4UICSGEQ/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWC3VU6YV6EXKCSX5GTKWLBZIDIJNQJY/