CVE-2024-23684

Source
https://cve.org/CVERecord?id=CVE-2024-23684
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23684.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-23684
Aliases
Published
2024-01-19T20:59:02.723Z
Modified
2026-07-16T03:30:54.230216114Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
upokecenter CBOR Denial of Service
Details

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.

Database specific
{
    "cwe_ids": [
        "CWE-407"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/23xxx/CVE-2024-23684.json",
    "cna_assigner": "VulnCheck"
}
References

Affected packages

Git / github.com/peteroupc/cbor

Affected ranges

Type
GIT
Repo
https://github.com/peteroupc/cbor
Events
Database specific
{
    "cpe": "cpe:2.3:a:peteroupc:cbor:*:*:*:*:*:.net:*:*",
    "extracted_events": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.5.1"
        }
    ],
    "source": "CPE_RANGE"
}
Type
GIT
Repo
https://github.com/peteroupc/cbor-java
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.5.1"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

v4.*
v4.0.0
v4.0.1
v4.1.0
v4.1.3
v4.2.0
v4.3.0
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23684.json"