CVE-2020-5234
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.01 Low
EPSS
Percentile
83.9%
MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.
Affected configurations
CNA Affected
[
{
"product": "MessagePack",
"vendor": "neuecc",
"versions": [
{
"status": "affected",
"version": "< 1.9.11"
},
{
"status": "affected",
"version": ">= 2.0.0, < 2.1.90"
}
]
},
{
"product": "MessagePack.ImmutableCollection",
"vendor": "neuecc",
"versions": [
{
"status": "affected",
"version": "< 1.9.11"
},
{
"status": "affected",
"version": ">= 2.0.0, < 2.1.90"
}
]
},
{
"product": "MessagePack.ReactiveProperty",
"vendor": "neuecc",
"versions": [
{
"status": "affected",
"version": "< 1.9.11"
},
{
"status": "affected",
"version": ">= 2.0.0, < 2.1.90"
}
]
},
{
"product": "MessagePack.UnityShims",
"vendor": "neuecc",
"versions": [
{
"status": "affected",
"version": "< 1.9.11"
},
{
"status": "affected",
"version": ">= 2.0.0, < 2.1.90"
}
]
}
]References
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.01 Low
EPSS
Percentile
83.9%