CVE-2024-21909
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 03/01/2024
Last modified: 03/06/2025
Description
PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger the denial of service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
Impact
Base Score 3.x: 7.50
Severity 3.x: HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:peteroupc:cbor:*:*:*:*:*:.net:*:* | 4.0.0 (including) | 4.5.1 (excluding) |
References to Advisories, Solutions, and Tools
- https://github.com/advisories/GHSA-6r92-cgxc-r5fg
- https://github.com/peteroupc/CBOR/commit/b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95
- https://github.com/peteroupc/CBOR/compare/v4.5...v4.5.1
- https://github.com/peteroupc/CBOR/security/advisories/GHSA-6r92-cgxc-r5fg
- https://vulncheck.com/advisories/vc-advisory-GHSA-6r92-cgxc-r5fg