15 matches found
Security update for python-cbor2 (moderate)
openSUSE Security Update: Security update for python-cbor2 Announcement ID: openSUSE-SU-2026:0009-1 Rating: moderate References: 1255783 Cross-References: CVE-2025-68131 CVSS scores: CVE-2025-68131 SUSE: 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Affected Products: openSU...
CVE-2025-68131
A flaw was found in cbor2. When a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory. This allows an attacker-controlled message to read sensitive data from previously decoded messages if the decoder is reused across trust...
SUSE CVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
EUVD-2025-205866
CBORDecoder reuse can leak shareable values across decode calls...
GHSA-WCJ4-JW5J-44WH CBORDecoder reuse can leak shareable values across decode calls
Summary When a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag 29. This allows an attacker-controlled message to read data from previously decoded...
CVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
PYSEC-2025-90
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
AZL-73325 CVE-2025-68131 affecting package python-cbor2 5.6.5-2
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
UBUNTU-CVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
CVE-2025-68131 CBORDecoder reuse can leak shareable values across decode calls
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
CVE-2025-68131 CBORDecoder reuse can leak shareable values across decode calls
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
CVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
CVE-2025-68131 CBORDecoder reuse can leak shareable values across decode calls
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
cbor2 安全漏洞
cbor2 is a library with extensive tag support for encoding and decoding binary object representations in serialized format from the individual developer Alex Grönholm. A security vulnerability exists in cbor2 version 3.0.0 up to and including version 5.8.0, which stems from the fact that when the...
PT-2025-54268
Name of the Vulnerable Software and Affected Versions cbor2 versions 3.0.0 through 5.7.0 Description cbor2 is a library for encoding and decoding the Concise Binary Object Representation CBOR serialization format. A flaw exists where, when a CBORDecoder instance is reused across multiple decode...