5 matches found
Denial-of-Service (DoS)
MessagePack for Java is vulnerable to a Denial-Of-Service DoS . The vulnerability is due to unbounded memory allocation during deserialization, where the library trusts attacker-controlled EXT32 payload length metadata and allocates a byte array of that declared size when ExtensionValue.getData i...
MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation
Summary Affected Components: org.msgpack.core.MessageUnpacker.readPayload org.msgpack.core.MessageUnpacker.unpackValue org.msgpack.value.ExtensionValue.getData A denial-of-service vulnerability exists in MessagePack for Java when deserializing .msgpack files containing EXT32 objects with...
Linux Distros Unpatched Vulnerability : CVE-2026-21452
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack...
CVE-2026-21452
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...
CVE-2026-21452 MessagePack-Java Vulnerable to Remote Denial of Service via Malicious .msgpack Model File Triggering Unbounded EXT Payload Allocation
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...