Home > Vulnerability Database > CVE-2024-26134

Mend.io Vulnerability Database

CVE-2024-26134

Good to know:

Date: February 19, 2024

cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.

Language: C

Severity Score

7.5

Related Resources (15)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BT42VXZMMMCSSHMA65KKPOZCXJEYHNR5

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX524ZG2XJWFV37UQKQ4LWIH4UICSGEQ/

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-26134

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BT42VXZMMMCSSHMA65KKPOZCXJEYHNR5/

Url: https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWC3VU6YV6EXKCSX5GTKWLBZIDIJNQJY

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX524ZG2XJWFV37UQKQ4LWIH4UICSGEQ

Url: https://github.com/agronholm/cbor2

Url: https://github.com/agronholm/cbor2/security/advisories/GHSA-375g-39jq-vq7m

Url: https://github.com/agronholm/cbor2/pull/204

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWC3VU6YV6EXKCSX5GTKWLBZIDIJNQJY/

Url: https://github.com/agronholm/cbor2/commit/4de6991ba29bf2290d7b9d83525eda7d021873df

Url: https://github.com/pypa/advisory-database/tree/main/vulns/cbor2/PYSEC-2024-155.yaml

Url: https://github.com/agronholm/cbor2/releases/tag/5.6.2

Url: https://www.mend.io/vulnerability-database/CVE-2024-26134

Severity Score

7.5

Weakness Type (CWE)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Top Fix

Upgrade Version

Upgrade to version cbor2 - 5.6.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-26134

Good to know:

Date: February 19, 2024

Language: C

Severity Score

Related Resources (15)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?