CVE-2024-23684
HIGHpeteroupc/cbor 4.0.0-4.5.1 - Denial of Service via DecodeFromBytes Function
Title source: llmDescription
Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
https://github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6
Mitigation, Third Party Advisory third-party-advisory
https://github.com/advisories/GHSA-fj2w-wfgv-mwq6
Third Party Advisory third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6
Scores
CVSS v3
7.5
EPSS
0.0091
EPSS Percentile
55.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-407
Status
published
Products (2)
com.upokecenter/cbor
4.0.0 - 4.5.1Maven
peteroupc/cbor
4.0.0 - 4.5.1
Published
Jan 19, 2024
Tracked Since
Feb 18, 2026