VYPR

Cbor2

by Agronholm

pypi: cbor2

CVEs (4)

  • CVE-2026-26209 (Mar 23, 2026)
    risk 0.00 cvss epss 0.00

    cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This…

  • CVE-2025-68131 (Dec 31, 2025)
    risk 0.00 cvss epss 0.00

    cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag…

  • CVE-2025-64076 (Nov 18, 2025)
    risk 0.00 cvss epss 0.00

    Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string() function of the C extension decoder (source/decoder.c): (1) Integer Underflow Leading to Out-of-Bounds Read (CWE-191, CWE-125): An incorrect variable reference and missing state…

  • CVE-2024-26134 (Feb 19, 2024)
    risk 0.00 cvss epss 0.01

    cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.…