NVD脆弱性詳細

Exploit、PoC検索

NVD脆弱性検索トップ

->

NVD脆弱性詳細

CVE-2024-26134

概要	cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.
公表日	2024年2月20日8:15
登録日	2024年2月20日12:00
最終更新日	2024年4月20日8:15

関連情報、対策とツール

No	URL	refsource	タグ
1	https://github.com/agronholm/cbor2/security/advisories/GHSA-375g-39jq-vq7m
2	https://github.com/agronholm/cbor2/pull/204
3	https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
4	https://github.com/agronholm/cbor2/commit/4de6991ba29bf2290d7b9d83525eda7d021873df
5	https://github.com/agronholm/cbor2/releases/tag/5.6.2
6	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX524ZG2XJWFV37UQKQ4LWIH4UICSGEQ/
7	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BT42VXZMMMCSSHMA65KKPOZCXJEYHNR5/
8	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWC3VU6YV6EXKCSX5GTKWLBZIDIJNQJY/

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-120	古典的バッファオーバーフロー	https://cwe.mitre.org/data/definitions/120.html