Security Advisory

CVE-2024-26134

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-19 22:13:47
Last updated 2025-02-13 17:41:03
Assigner GitHub_M
State PUBLISHED

Description

cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.