2 matches found
CVE-2023-52079
msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured...
CVE-2023-52079
CVE-2023-52079 concerns msgpackr (NodeJS/JavaScript) before version 1.10.1. When decoding user-supplied MessagePack messages, the decoder can get stuck in a loop, tying up threads. The issue is associated with how certain extensions (e.g., 0x70) may be processed; a mitigation path involves replac...