7 matches found
CVE-2026-48514
MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, UnsafeBlitFormatterBase.Deserialize reads an attacker-controlled byteLength from an extension payload and allocates an array based on that value before validating it against the extension header length or remaining...
PT-2026-51398
Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The UnsafeBlitFormatterBase.Deserialize function reads an attacker-controlled byteLength from an extension payload and allocates an array based o...
Prototype Pollution
Overview @orpc/client is a Affected versions of this package are vulnerable to Prototype Pollution via the deserialize function in StandardRPCJsonSerializer. An attacker can inject arbitrary properties into the global Object.prototype by sending specially crafted payloads containing dangerous...
EUVD-2025-31172
Malicious code in bioql PyPI...
The vulnerability of the deserialize() function in the Jwcrypto Python library, which allows a hacker to trigger a denial-of-service attack.
The vulnerability of the deserialize function in the JavaScript library used by Jwcrypto for cryptography involves an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failure by sending a specially created JWE tok...
CVE-2022-28948
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input...
CoAPthon Serialize.deserialize() method denial of service vulnerability
CoAPthon is an RFC compliant python library for the CoAP protocol. A denial of service vulnerability exists in the Serialize.deserialize method in CoAPthon 3 version 1.0 and version 1.0.1. An attacker can exploit the vulnerability to cause applications using this library e.g., standard coap serve...