CVE-2024-26134

CVSS V2 None CVSS V3 None

Description

cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.

Overview

CVE ID
CVE-2024-26134

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-02-19T22:13:47.173Z

Last Modified Date
2024-02-19T22:13:47.173Z

Weakness Enumerations

CWE	URL
CWE-120	http://cwe.mitre.org/data/definitions/120.html

References

Reference URL	Reference Tags
https://github.com/agronholm/cbor2/security/advisories/GHSA-375g-39jq-vq7m	x_refsource_CONFIRM
https://github.com/agronholm/cbor2/pull/204	x_refsource_MISC
https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542	x_refsource_MISC
https://github.com/agronholm/cbor2/commit/4de6991ba29bf2290d7b9d83525eda7d021873df	x_refsource_MISC
https://github.com/agronholm/cbor2/releases/tag/5.6.2	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX524ZG2XJWFV37UQKQ4LWIH4UICSGEQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BT42VXZMMMCSSHMA65KKPOZCXJEYHNR5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWC3VU6YV6EXKCSX5GTKWLBZIDIJNQJY/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-26134
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26134

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 00:19:32				Added to TrackCVE