Описание
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| cbor2 | fixed | 5.6.2-1 | package | |
| cbor2 | not-affected | bookworm | package | |
| cbor2 | not-affected | bullseye | package |
Примечания
https://github.com/agronholm/cbor2/security/advisories/GHSA-375g-39jq-vq7m
https://github.com/agronholm/cbor2/pull/204
Introduced by: https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542 (5.6.0)
Fixed by: https://github.com/agronholm/cbor2/commit/4de6991ba29bf2290d7b9d83525eda7d021873df (5.6.2)
EPSS
Связанные уязвимости
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.
EPSS