{"affected":[{"ecosystem_specific":{"binaries":[{"python313-cbor2":"5.6.5-160000.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"python-cbor2","purl":"pkg:rpm/opensuse/python-cbor2&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.6.5-160000.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for python-cbor2 fixes the following issues:\n\n- CVE-2025-64076: Fixed bug in decode_definite_long_string() that causes incorrect chunk length calculation (bsc#1253746).\n\n\nAlready fixed in release 5.6.3:\n\n- CVE-2024-26134: Fixed potential crash when hashing a CBORTag (bsc#1220096).\n","id":"openSUSE-SU-2025-20133-1","modified":"2025-12-02T13:51:41Z","published":"2025-12-02T13:51:41Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1220096"},{"type":"REPORT","url":"https://bugzilla.suse.com/1253746"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-26134"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-64076"}],"related":["CVE-2024-26134","CVE-2025-64076"],"summary":"Security update for python-cbor2","upstream":["CVE-2024-26134","CVE-2025-64076"]}