GHSA-hfj8-63c8-rmfw: Duplicate Advisory: Inefficient Algorithmic Complexity in com.upokecenter:cbor

January 19, 2024 (updated January 22, 2026)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-36p8-mvp6-cv38. This link is maintained to preserve external references.

Original Description

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application’s use of this library, this may be a remote attacker.

References

github.com/advisories/GHSA-fj2w-wfgv-mwq6
github.com/advisories/GHSA-hfj8-63c8-rmfw
github.com/peteroupc/CBOR-Java
github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6
nvd.nist.gov/vuln/detail/CVE-2024-23684
vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6

Code Behaviors & Features

Detect and mitigate GHSA-hfj8-63c8-rmfw with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →