Lucene search
K

5 matches found

OSV
OSV
added 2026/06/25 9:25 p.m.5 views

GHSA-W567-GJR2-HM5J MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length

Summary UnsafeBlitFormatterBase.Deserialize reads an attacker-controlled byteLength from an extension payload and allocates an array based on that value before validating it against the extension header length or remaining payload bytes. The outer extension header is bounded by available input, b...

6.3CVSS5.9AI score0.00231EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 10:16 p.m.11 views

CVE-2026-48514

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, UnsafeBlitFormatterBase.Deserialize reads an attacker-controlled byteLength from an extension payload and allocates an array based on that value before validating it against the extension header length or remaining...

7.5CVSS0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 9:11 p.m.26 views

CVE-2026-48514 MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, UnsafeBlitFormatterBase.Deserialize reads an attacker-controlled byteLength from an extension payload and allocates an array based on that value before validating it against the extension header length or remaining...

6.3CVSS0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51398

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The UnsafeBlitFormatterBase.Deserialize function reads an attacker-controlled byteLength from an extension payload and allocates an array based o...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References6
Zero Day Initiative
Zero Day Initiative
added 2025/12/17 12:0 a.m.7 views

Apple Safari JavaScriptCore FTL DataView byteLength Property Handling Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...

8.8CVSS6.9AI score0.32EPSS
Exploits0References1
Rows per page
Query Builder