CVE-2024-23684 - OpenCVE

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Peteroupc	Cbor

Configuration 1 [-]

cpe:2.3:a:peteroupc:cbor:*:*:*:*:*:.net:*:*

References

Link	Resource
https://github.com/advisories/GHSA-fj2w-wfgv-mwq6	Mitigation Third Party Advisory
https://github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6	Vendor Advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulnCheck

Published: 2024-01-19T20:59:02.723Z

Updated: 2024-01-19T20:59:02.723Z

Reserved: 2024-01-19T17:35:09.985Z

Link: CVE-2024-23684

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-19T21:15:10.387

Modified: 2024-01-26T18:06:27.610

Link: CVE-2024-23684

JSON object: View

Redhat Information

No data.

CWE

CWE-407

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:peteroupc:cbor:*:*:*:*:*:.net:*:*", "matchCriteriaId": "1ACE4764-C56D-427B-99DA-52922CA6C062", "versionEndExcluding": "4.5.1", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.\n\n"}, {"lang": "es", "value": "La complejidad algor\u00edtmica ineficiente en la funci\u00f3n DecodeFromBytes en com.upokecenter.cbor la implementaci\u00f3n Java de Concise Binary Object Representation (CBOR) versiones 4.0.0 a 4.5.1 permite a un atacante provocar una denegaci\u00f3n de servicio al pasar una entrada manipulada con fines malintencionados. Dependiendo del uso de esta librer\u00eda por parte de una aplicaci\u00f3n, este puede ser un atacante remoto."}], "id": "CVE-2024-23684", "lastModified": "2024-01-26T18:06:27.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-19T21:15:10.387", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/advisories/GHSA-fj2w-wfgv-mwq6"}, {"source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"], "url": "https://github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-407"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}