CVE-2024-23684 - OpenCVE

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Peteroupc	Cbor

Configuration 1 [-]

cpe:2.3:a:peteroupc:cbor:*:*:*:*:*:.net:*:*

No data.

References

Link	Providers
https://github.com/advisories/GHSA-fj2w-wfgv-mwq6
https://github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6
https://vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2024-01-19T20:59:02.723Z

Updated: 2024-08-01T23:06:25.371Z

Reserved: 2024-01-19T17:35:09.985Z

Link: CVE-2024-23684

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-19T21:15:10.387

Modified: 2024-01-26T18:06:27.610

Link: CVE-2024-23684

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23684", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2024-01-19T17:35:09.985Z", "datePublished": "2024-01-19T20:59:02.723Z", "dateUpdated": "2024-08-01T23:06:25.371Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected", "packageName": "com.upokecenter:cbor", "versions": [{"lessThan": "4.5.1", "status": "affected", "version": "4.0.0", "versionType": "maven"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.</p>"}], "value": "Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.\n\n"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "description": "CWE-407 Inefficient Algorithmic Complexity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2024-01-19T20:59:02.723Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6"}, {"tags": ["third-party-advisory"], "url": "https://github.com/advisories/GHSA-fj2w-wfgv-mwq6"}, {"tags": ["third-party-advisory"], "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6"}], "source": {"discovery": "INTERNAL"}, "title": "upokecenter CBOR Denial of Service"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.371Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://github.com/advisories/GHSA-fj2w-wfgv-mwq6"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:peteroupc:cbor:*:*:*:*:*:.net:*:*", "matchCriteriaId": "1ACE4764-C56D-427B-99DA-52922CA6C062", "versionEndExcluding": "4.5.1", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.\n\n"}, {"lang": "es", "value": "La complejidad algor\u00edtmica ineficiente en la funci\u00f3n DecodeFromBytes en com.upokecenter.cbor la implementaci\u00f3n Java de Concise Binary Object Representation (CBOR) versiones 4.0.0 a 4.5.1 permite a un atacante provocar una denegaci\u00f3n de servicio al pasar una entrada manipulada con fines malintencionados. Dependiendo del uso de esta librer\u00eda por parte de una aplicaci\u00f3n, este puede ser un atacante remoto."}], "id": "CVE-2024-23684", "lastModified": "2024-01-26T18:06:27.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-19T21:15:10.387", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/advisories/GHSA-fj2w-wfgv-mwq6"}, {"source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"], "url": "https://github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-407"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}