PT-2022-28161 · Unknown · Petero.Cbor

Published: 2022-01-21 · Updated: 2025-11-28 · CVE-2024-21909

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: PeterO.Cbor versions 4.0.0 through 4.5.0

Description: The issue is a denial of service vulnerability that can be triggered by providing crafted data to DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on how the library is used, an unauthenticated, remote attacker may be able to cause the denial of service condition. The vulnerability is due to the library's use of an inefficient algorithm.

Recommendations: For versions 4.0.0 through 4.5.0, update to version 4.5.1 or the latest version available. As a temporary workaround, consider checking the input data before passing it to the CBOR decoding mechanism to ensure it does not contain a CBOR map, by verifying that it does not start with a byte in the range 0x80 through 0xDF and does not contain a byte in the range 0xA0 through 0xBF.
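The byte-level pre-check described in the workaround, as an added example that is not part of the advisory or of the PeterO.Cbor library; the sample CBOR inputs are hand-constructed, and the last one shows that the check is coarse and also rejects a legitimate UTF-8 text string whose encoding happens to contain a byte in the blocked range.

```python
# Added example (not from the advisory or PeterO.Cbor): the advisory's temporary
# workaround as a filter applied to constructed CBOR inputs before they would be
# handed to any CBOR decoder.

def passes_workaround_check(data: bytes) -> bool:
    """Return True only if the input satisfies both conditions in the advisory:
    it does not start with a byte in 0x80..0xDF, and it contains no byte in
    0xA0..0xBF anywhere. Inputs that fail should not reach the decoder."""
    if not data:
        return True  # nothing to decode; the advisory does not address empty input
    if 0x80 <= data[0] <= 0xDF:
        return False
    return not any(0xA0 <= b <= 0xBF for b in data)


# Constructed sample inputs (hand-encoded CBOR, not taken from the advisory).
SAMPLES = {
    # unsigned integer 10: single byte, major type 0
    "int_10": bytes([0x0A]),
    # text string "hi": 0x62 = major type 3, length 2
    "text_hi": bytes([0x62, 0x68, 0x69]),
    # map {1: 2}: 0xA1 = major type 5, one key/value pair
    "map_one_pair": bytes([0xA1, 0x01, 0x02]),
    # array [{1: 2}]: a map nested inside a one-element array (0x81)
    "array_with_map": bytes([0x81, 0xA1, 0x01, 0x02]),
    # text string "à": UTF-8 bytes C3 A0; legitimate, but 0xA0 falls in the
    # blocked range, so the coarse check rejects it (a false positive)
    "text_a_grave": bytes([0x62, 0xC3, 0xA0]),
}


def screen_samples() -> dict:
    """Run the pre-check over every sample; True means it may be passed on."""
    return {name: passes_workaround_check(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, ok in screen_samples().items():
        print(f"{name:16s} -> {'pass to decoder' if ok else 'REJECTED by pre-check'}")
```

Because the filter blocks any byte in 0xA0..0xBF regardless of position, it rejects some valid non-map inputs; upgrading to 4.5.1 or later is the proper fix.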

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2024-21909
GHSA-6R92-CGXC-R5FG
GHSA-HF3R-VMRV-7W29

Affected Products

Petero.Cbor