CVE-2020-5234

🗓️ 31 Jan 2020 17:50:14Reported by GitHub_MType

MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability leading to DoS attack. Review GitHub Security Advisory

Reporter	Title	Published	Views	Family All 9
Cvelist	CVE-2020-5234 Untrusted data can lead to DoS attack in MessagePack for C# and Unity	31 Jan 202017:50	–	cvelist
EUVD	EUVD-2020-0254	7 Oct 202500:30	–	euvd
Github Security Blog	Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack	31 Jan 202017:59	–	github
NVD	CVE-2020-5234	31 Jan 202018:15	–	nvd
OSV	GHSA-7Q36-4XX7-XCXF Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack	31 Jan 202017:59	–	osv
Prion	Stack overflow	31 Jan 202018:15	–	prion
RedhatCVE	CVE-2020-5234	22 May 202516:42	–	redhatcve
Snyk	Use of Weak Hash	17 Oct 202419:30	–	snyk
Veracode	Denial Of Service (DoS)	4 Feb 202004:15	–	veracode

NVD

Vulners

Node

messagepack messagepackRange<1.9.3c#

messagepack messagepackRange2.0.323–2.1.80c#

messagepack messagepackMatch2.0.94alphac#

messagepack messagepackMatch2.0.110alphac#

messagepack messagepackMatch2.0.119betac#

messagepack messagepackMatch2.0.123betac#

messagepack messagepackMatch2.0.204betac#

messagepack messagepackMatch2.0.270rcc#

messagepack messagepackMatch2.0.299rcc#

[
  {
    "product": "MessagePack",
    "vendor": "neuecc",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.9.11"
      },
      {
        "status": "affected",
        "version": ">= 2.0.0, < 2.1.90"
      }
    ]
  },
  {
    "product": "MessagePack.ImmutableCollection",
    "vendor": "neuecc",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.9.11"
      },
      {
        "status": "affected",
        "version": ">= 2.0.0, < 2.1.90"
      }
    ]
  },
  {
    "product": "MessagePack.ReactiveProperty",
    "vendor": "neuecc",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.9.11"
      },
      {
        "status": "affected",
        "version": ">= 2.0.0, < 2.1.90"
      }
    ]
  },
  {
    "product": "MessagePack.UnityShims",
    "vendor": "neuecc",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.9.11"
      },
      {
        "status": "affected",
        "version": ">= 2.0.0, < 2.1.90"
      }
    ]
  }
]

Source	Link
github	www.github.com/neuecc/MessagePack-CSharp/issues/810
github	www.github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02
github	www.github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007
github	www.github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf

21 Nov 2024 05:33Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.14.8 - 6.5

CVSS 26.8

EPSS0.00549