25 matches found
[SECURITY] Fedora 43 Update: python-cbor2-5.6.5-8.fc43
This library provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 7049 serialization format...
PT-2026-27176
Name of the Vulnerable Software and Affected Versions cbor2 versions prior to 5.9.0 Description The cbor2 library is susceptible to a Denial of Service DoS attack due to uncontrolled recursion when decoding deeply nested CBOR structures. This affects both the pure Python implementation and the C...
CVE-2025-68131 CBORDecoder reuse can leak shareable values across decode calls
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
CVE-2025-64076
CVE-2025-64076 affects the cbor2 library (Python CBOR) via the C extension decode_definite_long_string() in source/decoder.c. The advisory describes two issues: (1) an integer underflow in chunk processing leads to out-of-bounds reads, potentially triggering resource exhaustion; (2) a missing Py_...
Linux Distros Unpatched Vulnerability : CVE-2024-26134
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to...
CVE-2025-21432
Memory corruption while retrieving the CBOR data from TA...
Qualcomm Chipsets 资源管理错误漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A resource management error vulnerability exists in Qualcomm Chipsets that stems from a memory corruption when retrieving CBOR data from TA...
wireshark: Uncontrolled Recursion in Wireshark
A flaw was found in Wireshark. Bundle Protocol and CBOR dissector crashes in Wireshark allow denial of service via packet injection or crafted capture file...
CVE-2024-23684
Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...
kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev-bos without checking if it was allocated and initialized. If...
UBUNTU-CVE-2023-52781
In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in 'usbgetbosdescriptor' The BOS descriptor defines a root descriptor and is the base descriptor for accessing a family of related descriptors. Function 'usbgetbosdescriptor' encounters an iterati...
DEBIAN-CVE-2023-52477
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev-bos without checking if it was allocated and initialized. If...
SUSE CVE-2024-26134
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...
PYSEC-2024-155
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...
CVE-2024-26134
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...
Design/Logic Flaw
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...
PT-2024-40687 · Fasterxml · Jackson Dataformat Cbor
Name of the Vulnerable Software and Affected Versions: Jackson dataformat CBOR affected versions not specified Description: The issue is related to a security exception in the Jackson dataformat CBOR library. The crash occurs in the java.base/java.util.Arrays.copyOf method, which is called by...
GHSA-HFJ8-63C8-RMFW Duplicate Advisory: Inefficient Algorithmic Complexity in com.upokecenter:cbor
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36p8-mvp6-cv38. This link is maintained to preserve external references. Original Description Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise...
CVE-2024-23684 upokecenter CBOR Denial of Service
Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...
CVE-2024-23684 upokecenter CBOR Denial of Service
Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...