Vulnerability Description
Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Peteroupc | Cbor | >= 4.0.0, < 4.5.1 |
Related Weaknesses (CWE)
References
- https://github.com/advisories/GHSA-fj2w-wfgv-mwq6MitigationThird Party Advisory
- https://github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6Vendor Advisory
- https://vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6Third Party Advisory
- https://github.com/advisories/GHSA-fj2w-wfgv-mwq6MitigationThird Party Advisory
- https://github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6Vendor Advisory
- https://vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6Third Party Advisory
FAQ
What is CVE-2024-23684?
CVE-2024-23684 is a vulnerability with a CVSS score of 7.5 (HIGH). Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to ...
How severe is CVE-2024-23684?
CVE-2024-23684 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-23684?
Check the references section above for vendor advisories and patch information. Affected products include: Peteroupc Cbor.