AZL-73325

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73325.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-73325

Upstream

CVE-2025-68131

Published

2025-12-31T02:15:42Z

Modified

2026-04-21T04:33:51.679340Z

Summary

CVE-2025-68131 affecting package python-cbor2 5.6.5-2

Details

cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag (29). This allows an attacker-controlled message to read data from previously decoded messages if the decoder is reused across trust boundaries. Version 5.8.0 patches the issue.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-68131

Affected packages

Azure Linux:3 / python-cbor2

Package

Name: python-cbor2
Purl: pkg:rpm/azure-linux/python-cbor2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.6.5-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73325.json"