PT-2024-21293 · Cbor2

Miri64 · Published 2024-02-19 · Updated 2025-12-10 · CVE-2024-26134

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: cbor2 versions 5.5.1 through 5.6.2

Description: The issue concerns a denial-of-service vulnerability in cbor2, which provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.

Recommendations: For versions 5.5.1 through 5.6.2, update to version 5.6.2 or later, which contains a patch for this issue. As a temporary workaround, consider restricting the size of CBOR objects that can be parsed to prevent crashes.
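A pre-decode size guard of the kind the workaround describes, added here as an example (it is not cbor2's own code). It assumes the service holds the whole CBOR document in memory before decoding; the limits, the helper names and the use of the standard-library struct module to read the CBOR head are this example's choices.

```python
import struct

# CBOR major types (RFC 8949 section 3.1) whose argument is a byte length
BYTE_LENGTH_TYPES = {2, 3}   # byte string, text string
COUNT_TYPES = {4, 5}         # array, map: argument is an element count


def cbor_head(data: bytes):
    """Parse the head of the first CBOR item.

    Returns (major_type, argument, header_size); argument is None for an
    indefinite-length item. Raises ValueError on a truncated head.
    """
    if not data:
        raise ValueError("empty CBOR input")
    major, info = data[0] >> 5, data[0] & 0x1F
    if info < 24:
        return major, info, 1
    if info == 31:
        return major, None, 1
    fmt = {24: ">B", 25: ">H", 26: ">I", 27: ">Q"}.get(info)
    if fmt is None:
        raise ValueError(f"reserved additional info {info}")
    size = struct.calcsize(fmt)
    if len(data) < 1 + size:
        raise ValueError("truncated CBOR head")
    (arg,) = struct.unpack(fmt, data[1:1 + size])
    return major, arg, 1 + size


def check_cbor_size(data: bytes, max_bytes: int = 64 * 1024,
                    max_items: int = 10_000) -> bool:
    """False if the payload is too big, declares a string longer than the
    bytes that follow, or declares a collection above max_items."""
    if len(data) > max_bytes:
        return False
    major, arg, hdr = cbor_head(data)
    if major in BYTE_LENGTH_TYPES and arg is not None:
        return len(data) - hdr >= arg   # truncated/oversized string claim
    if major in COUNT_TYPES and arg is not None:
        return arg <= max_items
    return True


def safe_loads(data: bytes, **limits):
    """Apply the guard, then decode with cbor2 (third-party, imported here)."""
    if not check_cbor_size(data, **limits):
        raise ValueError("CBOR payload rejected by size guard")
    import cbor2  # assumed installed in the service that uses this guard
    return cbor2.loads(data)
```

The guard only inspects the outermost item, so nested strings and collections still rely on the patched cbor2 release; the byte limit is the part of the check that bounds the whole document.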

Weakness Enumeration: Buffer Overflow

Related Identifiers

CVE-2024-26134
GHSA-375G-39JQ-VQ7M
OPENSUSE-SU-2025:14733-1
OPENSUSE-SU-2025:20133-1
PYSEC-2024-155
SUSE-SU-2025:21168-1
SUSE-SU-2025_21168-1

Affected Products

Suse
Cbor2