CVE-2024-23684: Inefficient Algorithmic Complexity

January 19, 2024 (updated January 23, 2024)

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application’s use of this library, this may be a remote attacker.

References

github.com/advisories/GHSA-fj2w-wfgv-mwq6
github.com/advisories/GHSA-hfj8-63c8-rmfw
github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6
nvd.nist.gov/vuln/detail/CVE-2024-23684
vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6

Code Behaviors & Features

Detect and mitigate CVE-2024-23684 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →