CVE-2020-24753

CRITICAL

Objective Open Cbor Run-time < 2020-08-12 - Out-of-Bounds Write

Title source: rule

Description

A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings leads to the use of an attacker-controllable uninitialized stack value. This can be used to modify memory, causing a crash or potentially exploitable heap corruption.

References (2)

Scores

CVSS v3 9.8
EPSS 0.0129
EPSS Percentile 79.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-755 CWE-787 CWE-908
Status published

Affected Products (1)

objective_open_cbor_run-time_project/objective_open_cbor_run-time < 2020-08-12

Timeline

Published Sep 17, 2020
Tracked Since Feb 18, 2026