CVE-2024-23684

moderate-risk

Published 2024-01-19

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.

Do I need to act?

1.8% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (1)

Cbor

Affected Vendors

Peteroupc

References (6)

Mitigation https://github.com/advisories/GHSA-fj2w-wfgv-mwq6

Vendor Advisory https://github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6

Third Party Advisory https://vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6

Mitigation https://github.com/advisories/GHSA-fj2w-wfgv-mwq6

Vendor Advisory https://github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6

Third Party Advisory https://vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 5/34 · Minimal

Exposure 5/34 · Minimal