GHSA-hfj8-63c8-rmfw

Опубликовано: 19 янв. 2024

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Duplicate Advisory: Inefficient Algorithmic Complexity in com.upokecenter:cbor

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-36p8-mvp6-cv38. This link is maintained to preserve external references.

Original Description

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.

Ссылки

https://github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6
https://nvd.nist.gov/vuln/detail/CVE-2024-23684
https://github.com/advisories/GHSA-fj2w-wfgv-mwq6
https://vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6

Пакеты

Наименование

com.upokecenter:cbor

maven

Затронутые версииВерсия исправления

>= 4.0.0, < 4.5.1

4.5.1

7.5 High

CVSS3

Дефекты

CWE-407

7.5 High

CVSS3

Дефекты

CWE-407