GHSA-hfj8-63c8-rmfw

Source
https://github.com/advisories/GHSA-hfj8-63c8-rmfw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-hfj8-63c8-rmfw/GHSA-hfj8-63c8-rmfw.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hfj8-63c8-rmfw
Aliases
Withdrawn
2026-01-22T20:53:05Z
Published
2024-01-19T21:30:36Z
Modified
2026-02-03T03:09:25.878195Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Duplicate Advisory: Inefficient Algorithmic Complexity in com.upokecenter:cbor
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-36p8-mvp6-cv38. This link is maintained to preserve external references.

Original Description

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.

Database specific
{
    "nvd_published_at": "2024-01-19T21:15:10Z",
    "github_reviewed_at": "2024-01-23T14:36:37Z",
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-407"
    ],
    "github_reviewed": true
}
References

Affected packages

Maven / com.upokecenter:cbor

Package

Name
com.upokecenter:cbor
Purl
pkg:maven/com.upokecenter/cbor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.5.1

Affected versions

4.*
4.0.0
4.0.1
4.1.0
4.1.1
4.1.3
4.2.0
4.3.0
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.5

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-hfj8-63c8-rmfw/GHSA-hfj8-63c8-rmfw.json"