130 matches found

CNNVD
added 2021/03/12 12:0 a.m., 2 views

Matteo Collina msgpack5 security vulnerability

msgpack5 is an open source application by Matteo Collina that provides a msgpack v5 implementation for node.js and browsers, with extension point support. A security vulnerability exists in Matteo Collina msgpack5 that stems from the fact that an attacker who submits carefully crafted...

CVSS 8.8 · AI score 7.8 · EPSS 0.0133
Exploits 1 · References 9
Positive Technologies
added 2021/03/12 12:0 a.m., 1 views

PT-2021-14450 · Msgpack5 · Msgpack5

Name of the Vulnerable Software and Affected Versions: msgpack5 versions prior to 3.6.1; msgpack5 versions prior to 4.5.1; msgpack5 versions prior to 5.2.1. Description: The issue occurs when msgpack5 decodes a map containing a key __proto__, assigning the decoded value to __proto__. This allows an attack...

CVSS 8.8 · AI score 8.5 · EPSS 0.0133
Exploits 1 · References 9
Veracode
added 2020/02/04 4:15 a.m., 10 views

Denial Of Service (DoS)

MessagePack is vulnerable to denial of service. Untrusted data and deeply nested object graphs can lead to hash collisions and stack overflow that results in an application crash...

CVSS 6.5 · AI score 2.4 · EPSS 0.00549
Exploits 0 · References 8 · Affected Software 2
NVD
added 2020/01/31 6:15 p.m., 7 views

CVE-2020-5234

MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps...

CVSS 6.8 · AI score 5.3 · EPSS 0.00549
Exploits 0 · References 4
Prion
added 2020/01/31 6:15 p.m., 16 views

Stack overflow

MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps...

CVSS 6.8 · AI score 6.4 · EPSS 0.00549
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2020/01/31 5:59 p.m., 139 views

Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack

Impact: When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by either of two vectors: 1. hash collisions - leading to large CPU consumption disproportionate to the size of the data being deserialized. 2. stack overflow -...

CVSS 6.8 · AI score 6.3 · EPSS 0.00549
Exploits 0 · References 8 · Affected Software 5
OSV
added 2020/01/31 5:59 p.m., 19 views

GHSA-7Q36-4XX7-XCXF Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack

Impact: When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by either of two vectors: 1. hash collisions - leading to large CPU consumption disproportionate to the size of the data being deserialized. 2. stack overflow -...

CVSS 4.8 · AI score 6.9 · EPSS 0.00549
Exploits 0 · References 8
Cvelist
added 2020/01/31 5:50 p.m., 12 views

CVE-2020-5234 Untrusted data can lead to DoS attack in MessagePack for C# and Unity

MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps...

CVSS 4.8 · AI score 6.4 · EPSS 0.00549
Exploits 0 · References 4
CVE
added 2020/01/31 5:50 p.m., 121 views

CVE-2020-5234

CVE-2020-5234 affects MessagePack for C# and Unity before version 1.9.11 and 2.1.90, where deserializing untrusted data can cause a DoS via hash collisions or stack overflow. The issue is documented across multiple sources (NVD, GitHub advisory GHSA-7Q36-4XX7-XCXF, Red Hat/RH entries, OSV) and is...

CVSS 6.8 · AI score 5.6 · EPSS 0.00549
Exploits 0 · References 4 · Affected Software 1
Fedora
added 2019/04/17 4:5 p.m., 13 views

[SECURITY] Fedora 30 Update: msgpack-d-1.0.0-0.6.beta.7.fc30

MessagePack is a binary-based JSON-like serialization library...

AI score 2.8
Exploits 0