rpm package
suse/python-cbor2&distro=SUSE Linux Enterprise Server for SAP applications 16.0
pkg:rpm/suse/python-cbor2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-26209 | — | | | < 5.6.5-160000.4.1 | 5.6.5-160000.4.1 | Mar 23, 2026 | cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerabili |
| CVE-2025-68131 | — | | | < 5.6.5-160000.4.1 | 5.6.5-160000.4.1 | Dec 31, 2025 | cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) |
| CVE-2025-64076 | — | | | < 5.6.5-160000.3.1 | 5.6.5-160000.3.1 | Nov 18, 2025 | Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string() function of the C extension decoder (source/decoder.c): (1) Integer Underflow Leading to Out-of-Bounds Read (CWE-191, CWE-125): An incorrect variable reference and missing state res |
| CVE-2024-26134 | — | | | < 5.6.5-160000.3.1 | 5.6.5-160000.3.1 | Feb 19, 2024 | cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Vers |