Miri64

#15690 of 53,630
17.3 Total CVSS
Vulnerabilities · 2
High: 1
Critical: 1
PT-2024-21293
7.5
2024-02-19
Cbor2 · Cbor2 · CVE-2024-26134
**Name of the Vulnerable Software and Affected Versions** cbor2 versions 5.5.1 through 5.6.2

**Description** The issue concerns a denial-of-service vulnerability in cbor2, which provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.

**Recommendations** For versions 5.5.1 through 5.6.2, update to version 5.6.2 or later, which contains a patch for this issue. As a temporary workaround, consider restricting the size of CBOR objects that can be parsed to prevent crashes.
PT-2017-18262
9.8
2017-04-27
Riot · Riot · CVE-2017-8289
**Name of the Vulnerable Software and Affected Versions** RIOT versions prior to 2017-04-25

**Description** The issue is related to a stack-based buffer overflow in the ipv6_addr_from_str function, which can be triggered by a malformed IPv6 address. This could allow local attackers, and potentially remote attackers, to cause a denial of service or possibly have other unspecified impacts.

**Recommendations** For versions prior to 2017-04-25, update to a version released after 2017-04-25 to resolve the issue.