CVE-2024-26134

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 19, 2024
Updated: Jan 2, 2025
CWE ID 120

Summary

CVE-2024-26134 is a vulnerability affecting the cbor2 library, which provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format (RFC 8949). This issue, present in versions 5.5.1 and prior to 5.6.2, allows an attacker to cause a service to crash by sending a maliciously long CBOR binary object for parsing. Version 5.6.2 includes a patch to resolve this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Fedora Operating System

Affected Vendors

  • Fedora Project