Lucene search
+L

224 matches found

Fedora
Fedora
added 2024/04/17 2:11 a.m.19 views

[SECURITY] Fedora 38 Update: python-cbor2-5.6.2-1.fc38

This library provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 7049 serialization format...

7.5CVSS7.3AI score0.01167EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/04/17 12:0 a.m.19 views

Fedora 39 : python-cbor2 (2024-4bbd13d425)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4bbd13d425 advisory. Update to latest upstream release closes rhbz2261550, closes rhbz2245361 Tenable has extracted the preceding description block directly from the Fedora...

7.5CVSS7.3AI score0.01167EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/04/17 12:0 a.m.14 views

Fedora 38 : python-cbor2 (2024-0c9aaeb447)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0c9aaeb447 advisory. Update to latest upstream release closes rhbz2261550, closes rhbz2245361 Tenable has extracted the preceding description block directly from the Fedora...

7.5CVSS7.3AI score0.01167EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.12 views

Fedora: Security Advisory for jackson-jaxrs-providers (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
Fedora
Fedora
added 2024/03/07 10:33 p.m.21 views

[SECURITY] Fedora 40 Update: jackson-jaxrs-providers-2.16.1-3.fc40

This is a multi-module project that contains Jackson-based JAX-RS providers f or following data formats: JSON, Smile binary JSON, XML, CBOR another kind of binary JSON, YAML...

8.8CVSS9.1AI score0.02578EPSS
Exploits3
PyPA
PyPA
added 2024/02/19 11:15 p.m.5 views

PYSEC-2024-155

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...

7.5CVSS6.9AI score0.01167EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2024/02/19 11:15 p.m.2 views

DEBIAN-CVE-2024-26134

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...

7.5CVSS7.3AI score0.01167EPSS
Exploits1References1
CVE
CVE
added 2024/02/19 10:13 p.m.138 views

CVE-2024-26134

The CVE-2024-26134 issue affects the Python cbor2 library (5.5.1–5.6.1). The root cause is a crash when processing long CBOR inputs, notably during hashing a CBORTag, leading to an availability impact. A patch is available in 5.6.2 (and later). Remediation: upgrade cbor2 to 5.6.2+ or apply the ve...

7.5CVSS7.3AI score0.01167EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2024/02/19 10:13 p.m.10 views

CVE-2024-26134 CBOR2 decoder has potential buffer overflow

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...

7.5CVSS7.4AI score0.01167EPSS
Exploits1References10
Veracode
Veracode
added 2024/01/22 8:41 a.m.12 views

Denial Of Service (DoS)

com.upokecenter: cbor is vulnerable to Denial Of Service DoS. The vulnerability is due inefficiencies within the Concise Binary Object Representation CBOR algorithm. An attacker can pass a malicious input to DecodeFromBytes to perform a DoS attack...

7.5CVSS6.8AI score0.00912EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/19 9:30 p.m.27 views

Duplicate Advisory: Inefficient Algorithmic Complexity in com.upokecenter:cbor

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36p8-mvp6-cv38. This link is maintained to preserve external references. Original Description Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise...

7.5CVSS7.1AI score0.00912EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/01/19 9:15 p.m.43 views

CVE-2024-23684

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...

7.5CVSS7.3AI score0.00912EPSS
Exploits0References3
Prion
Prion
added 2024/01/19 9:15 p.m.40 views

Design/Logic Flaw

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...

5CVSS7AI score0.00912EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/01/19 8:59 p.m.219 views

CVE-2024-23684

CVE-2024-23684 affects the Java CBOR library from com.upokecenter (CBOR) versions 4.0.0–4.5.1. The issue is an inefficient algorithmic path in DecodeFromBytes that can be exploited by a malicious input to cause a denial of service. The NVD entry notes a remote attacker scenario depending on appli...

7.5CVSS7.1AI score0.00912EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/19 8:59 p.m.2 views

CVE-2024-23684 upokecenter CBOR Denial of Service

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...

7.1AI score0.00912EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/19 8:59 p.m.52 views

CVE-2024-23684 upokecenter CBOR Denial of Service

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...

7.5AI score0.00912EPSS
Exploits0References3
OSV
OSV
added 2024/01/19 8:59 p.m.18 views

CVE-2024-23684 upokecenter CBOR Denial of Service

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...

7.5CVSS7AI score0.00912EPSS
Exploits0References6
Veracode
Veracode
added 2024/01/04 5:54 a.m.24 views

Denial Of Service (DOS)

PeterO.Cbor is vulnerable to Denial Of Service. The vulnerability is due to use of less efficient data structures like regular a Dictionary that are not optimized for performance. An attacker can exploit this inefficiency by decoding specially crafted CBOR data which can potentially lead to Denia...

7.5CVSS6.7AI score0.01061EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/01/03 6:30 p.m.4 views

GHSA-HF3R-VMRV-7W29 Duplicate Advisory: Denial of service in CBOR library

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6r92-cgxc-r5fg. This link is maintained to preserve external references. Original Description PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger...

7.5CVSS7.5AI score0.01061EPSS
Exploits0References6
Snyk
Snyk
added 2024/01/03 4:44 p.m.2 views

Algorithmic Complexity

Overview PeterO.Cbor is a C implementation of Concise Binary Object Representation CBOR. Affected versions of this package are vulnerable to Algorithmic Complexity due to use of an inefficient algorithm in the DecodeFromBytes or other decoding mechanisms. An attacker can cause a denial of service...

7.5CVSS7AI score0.01061EPSS
Exploits0References2
Rows per page
Query Builder