CBOR2 decoder has potential buffer overflow

cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

cbor2 安全漏洞

cbor2是一个具有广泛标签支持的二进制对象表示序列化格式编码和解码的库。 cbor2 5.5.1版本至5.6.2之前版本存在安全漏洞。攻击者利用该漏洞通过发送足够长的对象来解析 CBOR 二进制文件，从而使服务崩溃。

N/A

N/A