PyPi: Cbor2

CVE-2024-26134

Safety vulnerability ID: 66703

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 19, 2024 Updated at Nov 29, 2024

Scan your Python projects for vulnerabilities →

Advisory

Affected versions of Cbor2 are vulnerable to Buffer Overflow. An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.

Affected package

cbor2

Latest version: 5.6.5

CBOR (de)serializer with extensive tag support

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542
https://github.com/agronholm/cbor2/commit/4de6991ba29bf2290d7b9d83525eda7d021873df
https://github.com/agronholm/cbor2/pull/204
https://github.com/agronholm/cbor2/releases/tag/5.6.2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26134

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application