Lucene search
K

51 matches found

NVD
NVD
added 2026/06/22 10:16 p.m.9 views

CVE-2026-48109

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4BlockArray. The decoder implementation is based on a deprecated fast-decompression algorithm that do...

8.2CVSS0.00296EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:19 p.m.5 views

CVE-2026-48109

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4BlockArray. The decoder implementation is based on a deprecated fast-decompression algorithm that do...

8.2CVSS5.9AI score0.00296EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 9:19 p.m.80 views

CVE-2026-48109

CVE-2026-48109 affects MessagePack-CSharp in the optional LZ4 decompression path (Lz4Block, Lz4BlockArray). The vulnerability stems from a deprecated fast-decompression algorithm that does not enforce a source-length bound, enabling a remote attacker to craft payloads with manipulated LZ4 token/l...

8.2CVSS5.9AI score0.00296EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/22 9:19 p.m.23 views

CVE-2026-48109 MessagePack-CSharp: LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4BlockArray. The decoder implementation is based on a deprecated fast-decompression algorithm that do...

8.2CVSS0.00296EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 9:16 p.m.23 views

CVE-2026-48510 MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed...

6.3CVSS0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 9:16 p.m.20 views

CVE-2026-48510

CVE-2026-48510 affects MessagePack-CSharp (C#) prior to 2.5.301 and 3.1.7. When decompressing Lz4Block or Lz4BlockArray payloads, the library reads declared uncompressed lengths from the wire and allocates output buffers before validating the data, allowing a small payload to trigger a large allo...

7.5CVSS5.9AI score0.00236EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/22 9:16 p.m.4 views

CVE-2026-48510 MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed...

6.3CVSS5.9AI score0.00236EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: erofs: Fix for lz4 inplace decompression Currently, EROFS can map another compressed buffer for inplace decompression, which was used to handle cases where some pages of compressed data are not actually in-place I/O. However, lik...

6.1CVSS5.6AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/11 8:34 p.m.6 views

Out-of-bounds Read

Overview MessagePack is a MessagePackMsgPack Serializer for C.NET, .NET Core, Unity, Xamarin. Affected versions of this package are vulnerable to Out-of-bounds Read in the LZ4 decompression path for Lz4Block and Lz4BlockArray modes. An attacker can cause process termination or potentially access...

8.8CVSS5.5AI score0.00296EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/27 9:27 p.m.15 views

CVE-2026-45999

A flaw was found in the Linux kernel's EROFS Enhanced Read-Only File System component. A local user could provide a specially crafted EROFS image that triggers an unsigned underflow in the zerofslz4handleoverlap function during LZ4 inplace decompression. This vulnerability allows the system to re...

7.1CVSS5.8AI score0.00131EPSS
Exploits0References4
OSV
OSV
added 2026/05/27 2:17 p.m.5 views

UBUNTU-CVE-2026-45999

In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in zerofslz4handleoverlap Some crafted images can have illegal !partialdecoding && mllen out access reads past the decompressedpages array. However, such crafted cases can correctly result in a...

7.1CVSS5.7AI score0.00131EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.8 views

Amazon Linux 2 : rust, --advisory ALAS2-2026-3225 (ALAS-2026-3225)

The version of rust installed on the remote host is prior to 1.93.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3225 advisory. Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations wh...

8.2CVSS6AI score0.00608EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-9446

Malware in sbrugna...

6.5CVSS6.9AI score0.02889EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2022-49078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: lz4: fix LZ4decompresssafepartial read out of bound When partialDecoding, it is EOF if we've...

7.8CVSS6.3AI score0.00248EPSS
Exploits0References3
OSV
OSV
added 2025/02/26 7:0 a.m.2 views

DEBIAN-CVE-2022-49078

In the Linux kernel, the following vulnerability has been resolved: lz4: fix LZ4decompresssafepartial read out of bound When partialDecoding, it is EOF if we've either filled the output buffer or can't proceed with reading an offset for following match. In some extreme corner cases when compresse...

7.8CVSS5.7AI score0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/26 1:54 a.m.20 views

CVE-2022-49078 lz4: fix LZ4_decompress_safe_partial read out of bound

In the Linux kernel, the following vulnerability has been resolved: lz4: fix LZ4decompresssafepartial read out of bound When partialDecoding, it is EOF if we've either filled the output buffer or can't proceed with reading an offset for following match. In some extreme corner cases when compresse...

0.00248EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2025/02/26 1:54 a.m.4 views

CVE-2022-49078

In the Linux kernel, the following vulnerability has been resolved: lz4: fix LZ4decompresssafepartial read out of bound When partialDecoding, it is EOF if we've either filled the output buffer or can't proceed with reading an offset for following match. In some extreme corner cases when compresse...

7.8CVSS5.7AI score0.00248EPSS
Exploits0
OSV
OSV
added 2025/02/26 1:54 a.m.9 views

CVE-2022-49078 lz4: fix LZ4_decompress_safe_partial read out of bound

In the Linux kernel, the following vulnerability has been resolved: lz4: fix LZ4decompresssafepartial read out of bound When partialDecoding, it is EOF if we've either filled the output buffer or can't proceed with reading an offset for following match. In some extreme corner cases when compresse...

7.8CVSS6AI score0.00248EPSS
Exploits0References9
OSV
OSV
added 2024/02/29 3:52 p.m.8 views

CVE-2023-52497 erofs: fix lz4 inplace decompression

In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O. However, like...

6.1CVSS6.3AI score0.00278EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2024/01/10 2:41 a.m.1 views

SUSE CVE-2023-35955

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerabili...

7.8CVSS8.3AI score0.00438EPSS
Exploits1References3
Rows per page
Query Builder