CVE-2024-21909
Published: 03 January 2024
Summary
CVE-2024-21909 is a high-severity Inefficient Algorithmic Complexity (CWE-407) vulnerability in Peteroupc Cbor. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked in the top 35.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-0486
Vulnerability details
PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger the denial of service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
CVE-2024-21909 enables endpoint denial of service via crafted CBOR input exploiting inefficient algorithmic complexity in the PeterO.Cbor library, leading to application resource exhaustion.
MITRE ATLAS Techniques (AI)
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Addresses inefficient algorithms whose complexity can be exploited for DoS.