224 matches found
[SECURITY] Fedora 38 Update: python-cbor2-5.6.2-1.fc38
This library provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 7049 serialization format...
Fedora 39 : python-cbor2 (2024-4bbd13d425)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4bbd13d425 advisory. Update to latest upstream release closes rhbz2261550, closes rhbz2245361 Tenable has extracted the preceding description block directly from the Fedora...
Fedora 38 : python-cbor2 (2024-0c9aaeb447)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0c9aaeb447 advisory. Update to latest upstream release closes rhbz2261550, closes rhbz2245361 Tenable has extracted the preceding description block directly from the Fedora...
Fedora: Security Advisory for jackson-jaxrs-providers (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: jackson-jaxrs-providers-2.16.1-3.fc40
This is a multi-module project that contains Jackson-based JAX-RS providers f or following data formats: JSON, Smile binary JSON, XML, CBOR another kind of binary JSON, YAML...
PYSEC-2024-155
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...
DEBIAN-CVE-2024-26134
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...
CVE-2024-26134
The CVE-2024-26134 issue affects the Python cbor2 library (5.5.1–5.6.1). The root cause is a crash when processing long CBOR inputs, notably during hashing a CBORTag, leading to an availability impact. A patch is available in 5.6.2 (and later). Remediation: upgrade cbor2 to 5.6.2+ or apply the ve...
CVE-2024-26134 CBOR2 decoder has potential buffer overflow
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...
Denial Of Service (DoS)
com.upokecenter: cbor is vulnerable to Denial Of Service DoS. The vulnerability is due inefficiencies within the Concise Binary Object Representation CBOR algorithm. An attacker can pass a malicious input to DecodeFromBytes to perform a DoS attack...
Duplicate Advisory: Inefficient Algorithmic Complexity in com.upokecenter:cbor
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36p8-mvp6-cv38. This link is maintained to preserve external references. Original Description Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise...
CVE-2024-23684
Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...
Design/Logic Flaw
Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...
CVE-2024-23684
CVE-2024-23684 affects the Java CBOR library from com.upokecenter (CBOR) versions 4.0.0–4.5.1. The issue is an inefficient algorithmic path in DecodeFromBytes that can be exploited by a malicious input to cause a denial of service. The NVD entry notes a remote attacker scenario depending on appli...
CVE-2024-23684 upokecenter CBOR Denial of Service
Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...
CVE-2024-23684 upokecenter CBOR Denial of Service
Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...
CVE-2024-23684 upokecenter CBOR Denial of Service
Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...
Denial Of Service (DOS)
PeterO.Cbor is vulnerable to Denial Of Service. The vulnerability is due to use of less efficient data structures like regular a Dictionary that are not optimized for performance. An attacker can exploit this inefficiency by decoding specially crafted CBOR data which can potentially lead to Denia...
GHSA-HF3R-VMRV-7W29 Duplicate Advisory: Denial of service in CBOR library
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6r92-cgxc-r5fg. This link is maintained to preserve external references. Original Description PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger...
Algorithmic Complexity
Overview PeterO.Cbor is a C implementation of Concise Binary Object Representation CBOR. Affected versions of this package are vulnerable to Algorithmic Complexity due to use of an inefficient algorithm in the DecodeFromBytes or other decoding mechanisms. An attacker can cause a denial of service...