Lucene search
K

5 matches found

OSV
OSV
added 2026/06/25 6:46 p.m.5 views

GHSA-VH6J-JC39-FGGF MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth

Summary MessagePackReader.TrySkip recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the library's documented protection against deeply nested object graphs. Many...

7.5CVSS5.9AI score0.00275EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 6:46 p.m.10 views

EUVD-2026-38388

MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:17 p.m.26 views

CVE-2026-48506 MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the...

7.5CVSS0.00275EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 9:17 p.m.47 views

CVE-2026-48506

The CVE-2026-48506 entry concerns MessagePack-CSharp: MessagePackReader.TrySkip() can recurse without incrementing depth checks, bypassing MaximumObjectGraphDepth and risking unbounded recursion leading to StackOverflow. Affected: MessagePack-CSharp (reader Skip usage in nested arrays/maps). Root...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:12 p.m.5 views

CVE-2026-48513

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder