CNNVD-202512-5703 Information
CNNVD ID
CNNVD-202512-5703
Related CVE
-
CNNVD Published
2025-12-31
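Description (translated from Chinese)
cbor2 is a library by individual developer Alex Grönholm that encodes and decodes the Concise Binary Object Representation (CBOR) serialization format, with extensive tag support. cbor2 versions from 3.0.0 up to, but not including, 5.8.0 contain a security vulnerability: when a decoder is reused across trust boundaries, the values of shareable tags are retained in memory, which may allow an attacker to read data from previously decoded messages.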
Description (English)
cbor2 is a library, developed by individual developer Alex Grönholm, for encoding and decoding the CBOR binary object serialization format with extensive tag support. A security vulnerability exists in cbor2 from version 3.0.0 up to versions before 5.8.0. It stems from the fact that when the decoder is reused across a trust boundary, the values of shareable tags remain in memory, which may allow an attacker to read data from previously decoded messages.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2025-12-31
Last Modified
2026-02-24
References
https://github.com/agronholm/cbor2/pull/268
https://github.com/agronholm/cbor2/security/advisories/GHSA-wcj4-jw5j-44wh
Patch
https://github.com/agronholm/cbor2/releases