GHSA-wcj4-jw5j-44wh
Vulnerability from github
Published
2025-12-31 22:01
Modified
2025-12-31 22:01
Severity ?
5.5 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
Summary
CBORDecoder reuse can leak shareable values across decode calls
Details

Summary

When a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag (29). This allows an attacker-controlled message to read data from previously decoded messages if the decoder is reused across trust boundaries.

Details

The issue is in the decoder's handling of the shareables list, which stores values tagged with CBOR tag 28 (shareable) for later reference by tag 29 (sharedref).

When decode_from_bytes() is called or when .fp is set to a new stream, the shareables list is not cleared. This allows references to persist across separate decode operations.

The issue exists in both the C extension and the pure Python decoder.

In the C extension (source/decoder.c), the _CBORDecoder_set_fp function (line ~202) updates the file pointer but does not reset the shareables state:

static int _CBORDecoder_set_fp(CBORDecoderObject *self, PyObject *value, void *closure) { // ... validation ... tmp = self->read; self->read = read; Py_DECREF(tmp); return 0; // Missing: PyList_Clear(self->shareables) or equivalent }

In the pure Python decoder (cbor2/_decoder.py), the fp setter similarly fails to clear self._shareables.

Similarly, decode_from_bytes() in both implementations saves and restores the read pointer but does not clear the shareables list between decodes.

The shareable/sharedref tags are defined in the CBOR value sharing extension (http://cbor.schmorp.de/value-sharing) with scope limited to a single CBOR data item, not across separate messages.

PoC

``` import cbor2 from io import BytesIO

Message from trusted source containing a shareable value

msg1 = cbor2.dumps(cbor2.CBORTag(28, "secret"))

Attacker-controlled message referencing index 0

msg2 = cbor2.dumps(cbor2.CBORTag(29, 0))

Decoder reused across trust boundaries

decoder = cbor2.CBORDecoder(BytesIO(b'')) decoder.decode_from_bytes(msg1) print(decoder.decode_from_bytes(msg2)) # prints "secret" ``` No special configuration required. Affects any application that reuses a CBORDecoder instance to decode messages from different sources.

Impact

Information disclosure. Applications that reuse a CBORDecoder across trust boundaries are vulnerable if the trusted messages use value sharing (tag 28) and an attacker can send messages containing shared references (tag 29). An attacker who can send a crafted CBOR message containing a sharedref tag can read values from previously decoded messages, potentially exposing sensitive data such as credentials, tokens, or private user data.

Related

A similar issue in the encoder could produce invalid CBOR with dangling shared references:

``` import cbor2 from io import BytesIO

Create encoder with value sharing enabled

encoder = cbor2.CBOREncoder(BytesIO(), value_sharing=True)

Persistent object that will be encoded multiple times

shared_obj = ['hello']

First encode: array containing shared_obj twice

encoder.encode([shared_obj, shared_obj]) print(f'First encode: {encoder.fp.getvalue().hex()}')

Output: d81c82d81c816568656c6c6fd81d01

Second encode: just shared_obj

encoder.fp = BytesIO() encoder.encode(shared_obj) result = encoder.fp.getvalue() print(f'Second encode: {result.hex()}')

Output: d81d01 (just a shared reference to index 1!)

Try to decode the second result as standalone CBOR

decoder = cbor2.CBORDecoder(BytesIO(result)) decoded = decoder.decode()

FAILS: shared reference 1 not found

```

While primarily a correctness bug, it could cause denial of service if invalid CBOR is transmitted to downstream systems that fail to parse it, or cause silent data corruption if the dangling reference happens to resolve to an unrelated value.

It can also be considered a memory leak in both the decoder and encoder as references are held that will never be released as long as the decoder/encoder remains alive.

Suggested resolution

Add dedicated boolean flags to track when an encode/decode operation is in progress. Reset shared state only when the flag is False (top-level call). This ensures state is reset for standalone calls while preserving shared references for nested calls from hooks (which need access to the registry for cyclic structures).

Decoder (_decoding flag): - decode(): set flag True, reset state, decode, set flag False - decode_from_bytes(): reset state only when flag is False

Encoder (_encoding flag): - encode(): set flag True, reset state, encode, set flag False - encode_to_bytes(): reset state only when flag is False

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "cbor2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "5.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-68131"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-212"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-31T22:01:38Z",
    "nvd_published_at": "2025-12-31T02:15:42Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nWhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag (29). This allows an attacker-controlled message to read data from previously decoded messages if the decoder is reused across trust boundaries.\n\n### Details\nThe issue is in the decoder\u0027s handling of the shareables list, which stores values tagged with CBOR tag 28 (shareable) for later reference by tag 29 (sharedref).\n\nWhen decode_from_bytes() is called or when .fp is set to a new stream, the shareables list is not cleared. This allows references to persist across separate decode operations.\n\nThe issue exists in both the C extension and the pure Python decoder.\n\nIn the C extension (source/decoder.c), the _CBORDecoder_set_fp function (line ~202) updates the file pointer but does not reset the shareables state:\n\n```\n  static int\n  _CBORDecoder_set_fp(CBORDecoderObject *self, PyObject *value, void *closure)\n  {\n      // ... validation ...\n      tmp = self-\u003eread;\n      self-\u003eread = read;\n      Py_DECREF(tmp);\n      return 0;\n      // Missing: PyList_Clear(self-\u003eshareables) or equivalent\n  }\n```\n\nIn the pure Python decoder (cbor2/_decoder.py), the fp setter similarly fails to clear self._shareables.\n\nSimilarly, decode_from_bytes() in both implementations saves and restores the read pointer but does not clear the shareables list between decodes.\n\nThe shareable/sharedref tags are defined in the CBOR value sharing extension (http://cbor.schmorp.de/value-sharing) with scope limited to a single CBOR data item, not across separate messages.\n\n### PoC\n\n```\nimport cbor2\nfrom io import BytesIO\n\n# Message from trusted source containing a shareable value\nmsg1 = cbor2.dumps(cbor2.CBORTag(28, \"secret\"))\n\n# Attacker-controlled message referencing index 0\nmsg2 = cbor2.dumps(cbor2.CBORTag(29, 0))\n\n# Decoder reused across trust boundaries\ndecoder = cbor2.CBORDecoder(BytesIO(b\u0027\u0027))\ndecoder.decode_from_bytes(msg1)\nprint(decoder.decode_from_bytes(msg2))  # prints \"secret\"\n```\nNo special configuration required. Affects any application that reuses a CBORDecoder instance to decode messages from different sources.\n\n### Impact\nInformation disclosure. Applications that reuse a CBORDecoder across trust boundaries are vulnerable if the trusted messages use value sharing (tag 28) and an attacker can send messages containing shared references (tag 29). An attacker who can send a crafted CBOR message containing a sharedref tag can read values from previously decoded messages, potentially exposing sensitive data such as credentials, tokens, or private user data.\n\n### Related\nA similar issue in the encoder could produce invalid CBOR with dangling shared references:\n\n```\nimport cbor2\nfrom io import BytesIO\n\n# Create encoder with value sharing enabled\nencoder = cbor2.CBOREncoder(BytesIO(), value_sharing=True)\n\n# Persistent object that will be encoded multiple times\nshared_obj = [\u0027hello\u0027]\n\n# First encode: array containing shared_obj twice\nencoder.encode([shared_obj, shared_obj])\nprint(f\u0027First encode: {encoder.fp.getvalue().hex()}\u0027)\n# Output: d81c82d81c816568656c6c6fd81d01\n\n# Second encode: just shared_obj\nencoder.fp = BytesIO()\nencoder.encode(shared_obj)\nresult = encoder.fp.getvalue()\nprint(f\u0027Second encode: {result.hex()}\u0027)\n# Output: d81d01  (just a shared reference to index 1!)\n\n# Try to decode the second result as standalone CBOR\ndecoder = cbor2.CBORDecoder(BytesIO(result))\ndecoded = decoder.decode()\n# FAILS: shared reference 1 not found\n```\n\nWhile primarily a correctness bug, it could cause denial of service if invalid CBOR is transmitted to downstream systems that fail to parse it, or cause silent data corruption if the dangling reference happens to resolve to an unrelated value.\n\nIt can also be considered a memory leak in both the decoder and encoder as references are held that will never be released as long as the decoder/encoder remains alive.\n\n### Suggested resolution\n\nAdd dedicated boolean flags to track when an encode/decode operation is in progress. Reset shared state only when the flag is False (top-level call). This ensures state is reset for standalone calls while preserving shared references for nested calls from hooks (which need access to the registry for cyclic structures).\n\nDecoder (_decoding flag):\n - decode(): set flag True, reset state, decode, set flag False\n - decode_from_bytes(): reset state only when flag is False\n\nEncoder (_encoding flag):\n - encode(): set flag True, reset state, encode, set flag False\n - encode_to_bytes(): reset state only when flag is False",
  "id": "GHSA-wcj4-jw5j-44wh",
  "modified": "2025-12-31T22:01:38Z",
  "published": "2025-12-31T22:01:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/agronholm/cbor2/security/advisories/GHSA-wcj4-jw5j-44wh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68131"
    },
    {
      "type": "WEB",
      "url": "https://github.com/agronholm/cbor2/pull/268"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/agronholm/cbor2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "CBORDecoder reuse can leak shareable values across decode calls"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.