Homepage

cbor2@5.5.1 vulnerabilities

CBOR (de)serializer with extensive tag support

  • latest version

    5.6.5

  • latest non vulnerable version

    5.6.5

  • first published

    8 years ago

  • latest version published

    5 months ago

  • licenses detected

  • View cbor2 package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the cbor2 package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Buffer Overflow

    cbor2 is a CBOR (de)serializer with extensive tag support

    Affected versions of this package are vulnerable to Buffer Overflow due to improper validation of input size during the decoding process. An attacker can crash a service by sending a specially crafted CBOR binary that triggers a buffer overflow.

    How to fix Buffer Overflow?

    Upgrade cbor2 to version 5.6.2 or higher.

    [5.5.1,5.6.2)
    • M
    Insufficient Resource Pool

    cbor2 is a CBOR (de)serializer with extensive tag support

    Affected versions of this package are vulnerable to Insufficient Resource Pool due to a MemoryError when decoding large definite strings. Exploiting this vulnerability could lead to a system crash.

    How to fix Insufficient Resource Pool?

    Upgrade cbor2 to version 5.6.0 or higher.

    [,5.6.0)
    Go back to all versions of this package