NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2024-26134

Summary	cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.
Publication Date	Feb. 20, 2024, 8:15 a.m.
Registration Date	Feb. 20, 2024, noon
Last Update	April 20, 2024, 8:15 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/agronholm/cbor2/security/advisories/GHSA-375g-39jq-vq7m
2	https://github.com/agronholm/cbor2/pull/204
3	https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
4	https://github.com/agronholm/cbor2/commit/4de6991ba29bf2290d7b9d83525eda7d021873df
5	https://github.com/agronholm/cbor2/releases/tag/5.6.2
6	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX524ZG2XJWFV37UQKQ4LWIH4UICSGEQ/
7	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BT42VXZMMMCSSHMA65KKPOZCXJEYHNR5/
8	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWC3VU6YV6EXKCSX5GTKWLBZIDIJNQJY/

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-120	古典的バッファオーバーフロー	https://cwe.mitre.org/data/definitions/120.html