ГлавнаяУязвимости → CVE-2024-26134
7.5высокая

CVE-2024-26134

Описание

cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.

Затрагиваемое ПО
Agronholm Cbor2Fedoraproject Fedora
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542https://github.com/agronholm/cbor2/commit/4de6991ba29bf2290d7b9d83525eda7d021873dfhttps://github.com/agronholm/cbor2/pull/204https://github.com/agronholm/cbor2/releases/tag/5.6.2https://github.com/agronholm/cbor2/security/advisories/GHSA-375g-39jq-vq7mhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BT42VXZMMMCSSHMA65KKPOZCXJEYHNR5/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX524ZG2XJWFV37UQKQ4LWIH4UICSGEQ/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWC3VU6YV6EXKCSX5GTKWLBZIDIJNQJY/