Lucene search

Veracode Vulnerability DatabaseVERACODE:45111

HistoryJan 22, 2024 - 8:41 a.m.

Denial Of Service (DoS)

2024-01-2208:41:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

vulnerability

cbor

attack

input

algorithm

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

42.1%

JSON

com.upokecenter: cbor is vulnerable to Denial Of Service (DoS). The vulnerability is due inefficiencies within the Concise Binary Object Representation (CBOR) algorithm. An attacker can pass a malicious input to DecodeFromBytes to perform a DoS attack.

References

github.com/advisories/GHSA-fj2w-wfgv-mwq6

github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6

vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

42.1%

JSON

Related for VERACODE:45111