CVE-2024-26134
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Feb 19, 2024
Updated: Jan 2, 2025
CWE ID 120
Summary
CVE-2024-26134 is a vulnerability affecting the cbor2 library, which provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format (RFC 8949). This issue, present in versions 5.5.1 and prior to 5.6.2, allows an attacker to cause a service to crash by sending a maliciously long CBOR binary object for parsing. Version 5.6.2 includes a patch to resolve this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Fedora Operating System
Affected Vendors
- Fedora Project