Lucene search
K

5 matches found

EUVD
EUVD
added 2026/06/25 6:35 p.m.6 views

EUVD-2026-38389

MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows...

8.2CVSS5.8AI score0.00255EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:35 p.m.2 views

GHSA-382J-8MXH-C7X2 MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows

Summary MessagePackReader.ReadDateTime can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed tokenSize includes the extension body length from the wire and is used in a stackalloc operation before the...

8.2CVSS6.1AI score0.00255EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 10:16 p.m.18 views

CVE-2026-48502

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed tokenSize includes the extension...

8.2CVSS0.00255EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 9:18 p.m.25 views

CVE-2026-48502

MessagePack-CSharp contains a Denial of Service vulnerability in MessagePackReader.ReadDateTime() where a stack allocation is driven by attacker-controlled extension length. In the slow path, tokenSize includes the extension body length and is used in a stackalloc before the extension length is v...

8.2CVSS5.9AI score0.00255EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/22 9:18 p.m.26 views

CVE-2026-48502 MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed tokenSize includes the extension...

8.2CVSS0.00255EPSS
Exploits0References1
Rows per page
Query Builder