15 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-26134
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to...
CVE-2024-50050
Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead...
New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models
The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine...
Fedora: Security Advisory for python-cbor2 (FEDORA-2024-0c9aaeb447)
The remote host is missing an update for the...
Fedora 40 : python-cbor2 (2024-619ac47ce9)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-619ac47ce9 advisory. Update to latest upstream release: closes rhbz2261550, closes rhbz2245361. Tenable has extracted the preceding description block directly from the Fedora...
Fedora 39 : python-cbor2 (2024-4bbd13d425)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4bbd13d425 advisory. Update to latest upstream release: closes rhbz2261550, closes rhbz2245361. Tenable has extracted the preceding description block directly from the Fedora...
CVE-2024-26134 CBOR2 decoder has potential buffer overflow
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...
CVE-2024-26134
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...
Insecure deserialization in Wire
Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. E.g., using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing so allowing the serializer to create any...
Insecure Deserialization
wire allows insecure deserialization. The way the type information is handled in its serialization format allows an attacker to pass malicious payloads (a different type for the receiving end) to the deserializer and potentially cause unexpected application behavior...
Pbtk - A Toolset For Reverse Engineering And Fuzzing Protobuf-based Apps
Protobuf is a serialization format developed by Google and used in an increasing number of Android, web, desktop and more applications. It consists of a language for declaring data structures, which is then compiled to code or another kind of structure depending on the target implementation. pbt...
What stealthy attacks are hiding in API data — and why do most WAF miss them?!
Is JSON really more secure than other data encoding formats? JSON is a serialization format that allows users to (1) send objects as strings and then (2) have applications recover objects from those strings. So, the short answer is that the JSON format is as dangerous as other serialization...
.NET advanced code audit, lesson eleven: LosFormatter deserialization vulnerability - vulnerability warning - the black bar safety net
LosFormatter is generally used to serialize and deserialize a Web Forms page's view state (the ViewState). If you want to keep the ViewState in a database or another persistence device, you need the LosFormatter class to serialize/deserialize it. It is encapsulated i...
RedHat Update for libyaml RHSA-2015:0100-01
The remote host is missing an update for the...
CVE-2008-0057
Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allow remote attackers to execute arbitrary code via a crafted serialized property list...