
130 matches found

NVD
added 2024/10/17 9:15 p.m. · 13 views

CVE-2024-48924

Impact: When this library is used to deserialize MessagePack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialize...

8.7 CVSS · 0.00107 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/10/17 8:36 p.m. · 14 views

CVE-2024-48924 MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow

Impact: When this library is used to deserialize MessagePack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialize...

8.7 CVSS · 7.1 AI score · 0.00107 EPSS
Exploits 0 · References 3
CVE
added 2024/10/17 8:36 p.m. · 52 views

CVE-2024-48924

CVE-2024-48924 affects MessagePack-CSharp: deserializing untrusted MessagePack data can cause DoS via hash collisions, causing high CPU usage and potential stack overflow. The issue mirrors an earlier hash-collision advisory and is mitigated by upgrading to a patched library version and applying ...

8.7 CVSS · 6.8 AI score · 0.00107 EPSS
Exploits 0 · References 3
OSV
added 2024/10/17 8:36 p.m. · 11 views

CVE-2024-48924 MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow

Impact: When this library is used to deserialize MessagePack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialize...

8.7 CVSS · 6.6 AI score · 0.00107 EPSS
Exploits 0 · References 5
Cvelist
added 2024/10/17 8:36 p.m. · 24 views

CVE-2024-48924 MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow

Impact: When this library is used to deserialize MessagePack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialize...

8.7 CVSS · 0.00107 EPSS
Exploits 0 · References 3
GitHub Security Blog
added 2024/10/17 7:30 p.m. · 20 views

MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow

Impact: When this library is used to deserialize MessagePack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialize...

8.7 CVSS · 6.7 AI score · 0.00107 EPSS
Exploits 0 · References 2 · Affected Software 1
Snyk
added 2024/10/17 7:30 p.m. · 6 views

Use of Weak Hash

Overview: MessagePack is a MessagePack (MsgPack) serializer for C# (.NET, .NET Core, Unity, Xamarin). Affected versions of this package are vulnerable to Use of Weak Hash through the deserialization process. An attacker can cause a denial of service by sending specially crafted data that leads to hash...

8.7 CVSS · 6.8 AI score · 0.00549 EPSS
Exploits 0 · References 2
OSV
added 2024/10/17 7:30 p.m. · 11 views

GHSA-4QM4-8HG2-G2XM MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow

Impact: When this library is used to deserialize MessagePack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialize...

8.7 CVSS · 6.6 AI score · 0.00107 EPSS
Exploits 0 · References 2
CNNVD
added 2024/10/17 12:0 a.m. · 1 views

MessagePack for C# security vulnerability

MessagePack for C# is a MessagePack serializer from the MessagePack-CSharp open-source project. A security vulnerability exists in MessagePack for C# versions prior to 2.5.187 and versions prior to 2.6.95-alpha through 3.0.214-rc.1, which stems from a disproportionately large amount of CPU consumption duri...

8.7 CVSS · 6.2 AI score · 0.00107 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/10/17 12:0 a.m. · 3 views

PT-2024-33272 · Unknown · Messagepack-Csharp

Name of the Vulnerable Software and Affected Versions: MessagePack-CSharp versions prior to 2.5.187 and 3.0.214
Description: The vulnerability occurs when the library is used to deserialize MessagePack data from an untrusted source, leading to a risk of a denial of service attack by an attacker...

8.7 CVSS · 6.8 AI score · 0.00107 EPSS
Exploits 0 · References 12
BDU FSTEC
added 2024/04/22 12:0 a.m. · 1 views

The vulnerability of the MessagePack NodeJS/JavaScript msgpackr implementation allows a hacker to cause a service failure.

The vulnerability of the MessagePack NodeJS/JavaScript msgpackr implementation lies in the ability for users to trigger stuck threads by crafting messages that lock the decoder. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

6.8 CVSS · 6.7 AI score · 0.00456 EPSS
Exploits 0 · References 4 · Affected Software 2
Redos
added 2024/04/18 12:0 a.m. · 37 views

ROS-20240418-08

A vulnerability in the Browserify-sign cryptographic functionality duplication package is related to the upper bound check in the dsaVerify function. Exploitation of the vulnerability could allow an attacker, acting remotely, to create signatures that can be successfully verified by any public ke...

7.5 CVSS · 7.9 AI score · 0.02615 EPSS
Exploits 1
OSV
added 2023/12/28 3:20 p.m. · 28 views

CVE-2023-52079 Conversion of property names to strings can trigger infinite recursion

msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured...

6.8 CVSS · 6.1 AI score · 0.00456 EPSS
Exploits 0 · References 4
Rapid7 Blog
added 2023/01/13 5:50 p.m. · 18 views

Metasploit Weekly Wrap-Up

New module content (2): Gather Dbeaver Passwords. Author: Kali-Team. Type: Post. Pull request: 17337, contributed by cn-kali-team. Description: This adds a post exploit module that retrieves Dbeaver session data from local configuration files. It is able to extract and decrypt credentials stored in these...

0.3 AI score
Exploits 0
GitHub Security Blog
added 2022/11/11 12:0 p.m. · 16 views

MessagePack for Golang subject to DoS via Unmarshal panic

Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. This issue has been patched in version 2.1.1...

7.5 CVSS · 7.2 AI score · 0.00528 EPSS
Exploits 1 · References 6 · Affected Software 1
OSV
added 2022/11/11 12:0 p.m. · 6 views

GHSA-JR77-8GX4-H5QH MessagePack for Golang subject to DoS via Unmarshal panic

Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. This issue has been patched in version 2.1.1...

7.5 CVSS · 7.5 AI score · 0.00528 EPSS
Exploits 1 · References 6
OSV
added 2022/08/31 10:29 p.m. · 21 views

GHSA-6QV6-Q77G-7QM6 NVFLARE unsafe deserialization due to Pickle

Impact: NVFLARE contains a vulnerability where deserialization of untrusted data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. All versions before 2.1.4 are affected. CVSS Score =...

9.8 CVSS · 9.7 AI score · 0.2245 EPSS
Exploits 3 · References 6
GitHub Security Blog
added 2022/08/31 10:29 p.m. · 18 views

NVFLARE unsafe deserialization due to Pickle

Impact: NVFLARE contains a vulnerability where deserialization of untrusted data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. All versions before 2.1.4 are affected. CVSS Score =...

9.8 CVSS · 9.2 AI score · 0.2245 EPSS
Exploits 3 · References 6 · Affected Software 1
Positive Technologies
added 2022/08/29 12:0 a.m. · 2 views

PT-2022-22281 · Nvflare · Nvflare

Name of the Vulnerable Software and Affected Versions: NVFLARE versions prior to 2.1.4
Description: The issue concerns deserialization of untrusted data due to Pickle usage, which may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and impact both...

9.8 CVSS · 9.6 AI score · 0.2245 EPSS
Exploits 3 · References 11
OpenVAS
added 2022/07/31 12:0 a.m. · 10 views

Fedora: Security Advisory for golang-github-tinylib-msgp (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the...

7.5 AI score
Exploits 0 · References 2