7.5

CVE-2024-21909

Denial of service in CBOR library

PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger the denial of service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
Data provided by the National Vulnerability Database (NVD)
Peteroupc Cbor, SwPlatform .net, Version >= 4.0.0 < 4.5.1
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 1.06% | 0.601
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-407 Inefficient Algorithmic Complexity

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

https://github.com/advisories/GHSA-6r92-cgxc-r5fg
Third Party Advisory
https://github.com/peteroupc/CBOR/commit/b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95
Patch
https://github.com/peteroupc/CBOR/compare/v4.5...v4.5.1
Release Notes
https://github.com/peteroupc/CBOR/security/advisories/GHSA-6r92-cgxc-r5fg
Third Party Advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-6r92-cgxc-r5fg
Third Party Advisory