4 matches found
Design/Logic Flaw
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...
CVE-2024-26134
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...
CVE-2024-26134 CBOR2 decoder has potential buffer overflow
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...
CVE-2024-26134
The CVE-2024-26134 issue affects the Python cbor2 library (5.5.1–5.6.1). The root cause is a crash when processing long CBOR inputs, notably during hashing a CBORTag, leading to an availability impact. A patch is available in 5.6.2 (and later). Remediation: upgrade cbor2 to 5.6.2+ or apply the ve...