CVE-2024-21909

PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of 
service vulnerability. An attacker may trigger the denial of service 
condition by providing crafted data to the DecodeFromBytes or other 
decoding mechanisms in PeterO.Cbor. Depending on the usage of the 
library, an unauthenticated and remote attacker may be able to cause the
 denial of service condition.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
VulnCheckCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
peteroupccbor
4.0.0 ≤
𝑥
< 4.5.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/advisories/GHSA-6r92-cgxc-r5fg
https://github.com/peteroupc/CBOR/commit/b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95
https://github.com/peteroupc/CBOR/compare/v4.5...v4.5.1
https://github.com/peteroupc/CBOR/security/advisories/GHSA-6r92-cgxc-r5fg
https://vulncheck.com/advisories/vc-advisory-GHSA-6r92-cgxc-r5fg
https://github.com/advisories/GHSA-6r92-cgxc-r5fg
https://github.com/peteroupc/CBOR/commit/b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95
https://github.com/peteroupc/CBOR/compare/v4.5...v4.5.1
https://github.com/peteroupc/CBOR/security/advisories/GHSA-6r92-cgxc-r5fg
https://vulncheck.com/advisories/vc-advisory-GHSA-6r92-cgxc-r5fg