Vendor
The fido2-lib library is vulnerable to a denial-of-service (DoS) attack due to a heap buffer over-read in the cbor-extract dependency when parsing CBOR attestation data, allowing an attacker to crash the server by sending a crafted CBOR payload during WebAuthn registration.