CVE-2024-21909

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-21909
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21909.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-21909
Aliases
Published
2024-01-03T16:15:09Z
Modified
2024-05-30T04:15:03.382386Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

PeterO.Cbor versions 4.0.0 through 4.5.0 are affected by a denial-of-service vulnerability. An attacker may trigger the denial-of-service condition by providing crafted data to DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on how the library is used, an unauthenticated, remote attacker may be able to cause the denial-of-service condition.

References

Affected packages

Git / github.com/peteroupc/cbor

Affected ranges

Type
GIT
Repo
https://github.com/peteroupc/cbor
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*

v1.1.1

v3.*

v3.0.0
v3.0.2
v3.0.3
v3.1.0
v3.2.0
v3.3.0
v3.4.0
v3.4.0-alpha1
v3.4.0-beta1
v3.4.0-beta1-2
v3.4.0-beta1-3

v4.*

v4.0.0
v4.0.0-alpha1
v4.0.0-alpha2
v4.0.0-beta2
v4.0.1
v4.1.0
v4.2.0
v4.3.0
v4.4.0
v4.4.1
v4.4.2
v4.5