Vulnerability Information
Vulnerability Title
CBOR2 decoder has potential buffer overflow
Vulnerability Description
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Vulnerability Title
cbor2 security vulnerability
Vulnerability Description
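cbor2 is a library for encoding and decoding the binary object representation serialization format, with extensive tag support. cbor2 versions from 5.5.1 up to but not including 5.6.2 contain a security vulnerability. An attacker can exploit this vulnerability by sending a sufficiently long object to a service that parses CBOR binaries, causing the service to crash.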
CVSS Information
N/A
Vulnerability Type
N/A