Skip to content

Fix potential CBOR parsing safety issues
Compare
Choose a tag to compare
@conorpp conorpp released this 27 Feb 20:49
· 96 commits to master since this release
3.1.2
This tag was signed with the committer’s verified signature.
conorpp Conor Patrick
GPG key ID: 4638EB2F0CDDBCB5
Learn about vigilant mode.
28a1b1c

As discovered in our security audit by DoyenSec, there were some potential cbor safety issues, the largest being there wasn't a proper recursion limit to one of the methods we were using from tinycbor. Now that has been fixed.

Assets 13
Loading