CVE-2024-21909

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-21909

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21909.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-21909

Aliases

GHSA-6r92-cgxc-r5fg

Related

GHSA-6r92-cgxc-r5fg

Published

2024-01-03T16:15:09.003Z

Modified

2026-03-15T22:49:16.331001Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger the denial of service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

References

Affected packages

Git / github.com/peteroupc/cbor

Affected ranges

Type

GIT

Repo

https://github.com/peteroupc/cbor

Events

Introduced

a06712788d5af3bb75a214d74238525b5a62baaa

Fixed

f74930528be1d86ccfd431e21629bfba7a4be20d

Fixed

b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95

Database specific

{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.5.1"
        }
    ]
}

Affected versions

v4.*

v4.0.0

v4.0.1

v4.1.0

v4.2.0

v4.3.0

v4.4.0

v4.4.1

v4.4.2

v4.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21909.json"