Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
🐍 PyPI

GHSA-wcj4-jw5j-44wh

CBORDecoder reuse can leak shareable values across decode calls

Also known asCVE-2025-68131PYSEC-2025-90
Published
Dec 31, 2025
Updated
Jun 5, 2026
Affected
1 pkg
Patched
1 / 1
Exploits
None indexed

EPSS Exploitation Probability

via FIRST.org ↗
0.4%probability of exploitation in next 30 days
Lower Risk34th percentile+0.40%
0.00%0.31%0.62%0.92%0.0%0.4%Jan 26Apr 26Jun 26

EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.

Blast Radius

1 pkg affected
🐍cbor2

Real-time download stats are indexed for npm and PyPI packages. This vulnerability affects PyPI packages — download data is not available via public APIs for these ecosystems.

Description

Summary

When a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag (29). This allows an attacker-controlled message to read data from previously decoded messages if the decoder is reused across trust boundaries.

Details

The issue is in the decoder's handling of the shareables list, which stores values tagged with CBOR tag 28 (shareable) for later reference by tag 29 (sharedref).

When decode_from_bytes() is called or when .fp is set to a new stream, the shareables list is not cleared. This allows references to persist across separate decode operations.

The issue exists in both the C extension and the pure Python decoder.

In the C extension (source/decoder.c), the _CBORDecoder_set_fp function (line ~202) updates the file pointer but does not reset the shareables state:

  static int
  _CBORDecoder_set_fp(CBORDecoderObject *self, PyObject *value, void *closure)
  {
      // ... validation ...
      tmp = self->read;
      self->read = read;
      Py_DECREF(tmp);
      return 0;
      // Missing: PyList_Clear(self->shareables) or equivalent
  }

In the pure Python decoder (cbor2/_decoder.py), the fp setter similarly fails to clear self._shareables.

Similarly, decode_from_bytes() in both implementations saves and restores the read pointer but does not clear the shareables list between decodes.

The shareable/sharedref tags are defined in the CBOR value sharing extension (http://cbor.schmorp.de/value-sharing) with scope limited to a single CBOR data item, not across separate messages.

PoC

import cbor2
from io import BytesIO

# Message from trusted source containing a shareable value
msg1 = cbor2.dumps(cbor2.CBORTag(28, "secret"))

# Attacker-controlled message referencing index 0
msg2 = cbor2.dumps(cbor2.CBORTag(29, 0))

# Decoder reused across trust boundaries
decoder = cbor2.CBORDecoder(BytesIO(b''))
decoder.decode_from_bytes(msg1)
print(decoder.decode_from_bytes(msg2))  # prints "secret"

No special configuration required. Affects any application that reuses a CBORDecoder instance to decode messages from different sources.

Impact

Information disclosure. Applications that reuse a CBORDecoder across trust boundaries are vulnerable if the trusted messages use value sharing (tag 28) and an attacker can send messages containing shared references (tag 29). An attacker who can send a crafted CBOR message containing a sharedref tag can read values from previously decoded messages, potentially exposing sensitive data such as credentials, tokens, or private user data.

Related

A similar issue in the encoder could produce invalid CBOR with dangling shared references:

import cbor2
from io import BytesIO

# Create encoder with value sharing enabled
encoder = cbor2.CBOREncoder(BytesIO(), value_sharing=True)

# Persistent object that will be encoded multiple times
shared_obj = ['hello']

# First encode: array containing shared_obj twice
encoder.encode([shared_obj, shared_obj])
print(f'First encode: {encoder.fp.getvalue().hex()}')
# Output: d81c82d81c816568656c6c6fd81d01

# Second encode: just shared_obj
encoder.fp = BytesIO()
encoder.encode(shared_obj)
result = encoder.fp.getvalue()
print(f'Second encode: {result.hex()}')
# Output: d81d01  (just a shared reference to index 1!)

# Try to decode the second result as standalone CBOR
decoder = cbor2.CBORDecoder(BytesIO(result))
decoded = decoder.decode()
# FAILS: shared reference 1 not found

While primarily a correctness bug, it could cause denial of service if invalid CBOR is transmitted to downstream systems that fail to parse it, or cause silent data corruption if the dangling reference happens to resolve to an unrelated value.

It can also be considered a memory leak in both the decoder and encoder as references are held that will never be released as long as the decoder/encoder remains alive.

Suggested resolution

Add dedicated boolean flags to track when an encode/decode operation is in progress. Reset shared state only when the flag is False (top-level call). This ensures state is reset for standalone calls while preserving shared references for nested calls from hooks (which need access to the registry for cyclic structures).

Decoder (_decoding flag):

  • decode(): set flag True, reset state, decode, set flag False
  • decode_from_bytes(): reset state only when flag is False

Encoder (_encoding flag):

  • encode(): set flag True, reset state, encode, set flag False
  • encode_to_bytes(): reset state only when flag is False

Affected Packages

1 total 1 fixed
EcosystemPackageVulnerable rangeFix
🐍PyPIcbor23.0.0&&< 5.8.05.8.0

Detection & mitigation playbook

Open-source dependency

  1. Detect

    Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for cbor2. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

  2. Fix

    Update cbor2 to 5.8.0 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-wcj4-jw5j-44wh is resolved across your whole dependency graph.

  3. Workarounds

    If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

  4. How O3 protects you

    O3 pinpoints whether GHSA-wcj4-jw5j-44wh is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-wcj4-jw5j-44wh. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

Frequently Asked Questions

### Summary When a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag (29). This allows an attacker-controlled message to read data from previously decoded messages if the decoder is reused across trust boundaries. ### Details The issue is in the decoder's handling of the shareables list, which stores values tagged with CBOR tag 28 (shareable) for later reference by tag 29 (sharedref). When decode_from_bytes() is called or when .fp is set to a new
O3 Security · Impact-Aware SCA

Is GHSA-wcj4-jw5j-44wh in your dependencies?

O3 detects GHSA-wcj4-jw5j-44wh across PyPI dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.

Scan my dependencies How O3 SCA works