QwikSec

Security Database

CVE

CWE

Training

CVE-2024-21909

Published: Jan 3, 2024

Modified: Nov 28, 2025

PUBLISHED

Description

PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger the denial of service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

Vendor	Product	Versions
Unknown	PeterO.Cbor	affected `4.0.0 - < 4.5.1`

Weaknesses (CWE)

References

https://github.com/peteroupc/CBOR/security/advisories/GHSA-6r92-cgxc-r5fg

vendor-advisory

https://github.com/peteroupc/CBOR/commit/b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95

patch

https://github.com/peteroupc/CBOR/compare/v4.5...v4.5.1

related

https://github.com/advisories/GHSA-6r92-cgxc-r5fg

third-party-advisory

https://vulncheck.com/advisories/vc-advisory-GHSA-6r92-cgxc-r5fg

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.