Lucene search

[email protected]NVD:CVE-2024-23684

HistoryJan 19, 2024 - 9:15 p.m.

CVE-2024-23684

2024-01-1921:15:10

CWE-407

[email protected]

web.nvd.nist.gov

algorithmic complexity

decodefrombytes

cbor

java

denial of service

remote attacker

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

42.1%

JSON

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application’s use of this library, this may be a remote attacker.

Affected configurations

Nvd

Node

peteroupccborRange4.0.0–4.5.1.net

VendorProductVersionCPE
peteroupccbor*cpe:2.3:a:peteroupc:cbor:*:*:*:*:*:.net:*:*

Vendor	Product	Version	CPE
peteroupc	cbor	*	cpe:2.3:a:peteroupc:cbor::::::.net::*

References

github.com/advisories/GHSA-fj2w-wfgv-mwq6

github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6

vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

42.1%

JSON

Related for NVD:CVE-2024-23684

github1 veracode1 cvelist1 prion1 cve1 osv3