Lucene search

GitHub Advisory DatabaseGHSA-HFJ8-63C8-RMFW

HistoryJan 19, 2024 - 9:30 p.m.

Inefficient Algorithmic Complexity in com.upokecenter:cbor

2024-01-1921:30:36

CWE-407

GitHub Advisory Database

github.com

inefficient algorithmic complexity

remote attack

denial of service

cbor

java implementation

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

42.1%

JSON

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application’s use of this library, this may be a remote attacker.

Affected configurations

Vulners

Node

com.upokecentercborRange4.0.0–4.5.1

VendorProductVersionCPE
com.upokecentercbor*cpe:2.3:a:com.upokecenter:cbor:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
com.upokecenter	cbor	*	cpe:2.3:a:com.upokecenter:cbor::::::::

References

github.com/advisories/GHSA-fj2w-wfgv-mwq6

github.com/advisories/GHSA-hfj8-63c8-rmfw

github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6

nvd.nist.gov/vuln/detail/CVE-2024-23684

vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

42.1%

JSON

Related for GHSA-HFJ8-63C8-RMFW