4 matches found
CVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
CVE-2025-68131
CVE-2025-68131 (cbor2) affects the cbor2 library's CBORDecoder when a decoder is reused across trust boundaries. Versions from 3.0.0 up to, but not including, 5.8.0 may retain shareable-tag (28) values in memory, allowing an attacker-controlled message to read data from earlier decoded messages via the sharedref tag (29)....
Linux Distros Unpatched Vulnerability : CVE-2025-68131
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8....
OSV-2024-222 Security exception in co.nstant.in.cbor.CborDecoder.decodeNext
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67637 Crash type: Security exception Crash state: co.nstant.in.cbor.CborDecoder.decodeNext java.base/jdk.internal.misc.Unsafe.putByte jdk.unsupported/sun.misc.Unsafe.putByte...