Lucene search
K

16 matches found

Cvelist
Cvelist
added 2026/06/30 9:36 p.m.26 views

CVE-2026-57585 MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error

MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This...

7.5CVSS0.00278EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 12:4 p.m.8 views

ROOT-APP-PYPI-GHSA-6V7P-G79W-8964 GHSA-6v7p-g79w-8964 in rootio-msgpack - Patched by Root

Root has patched GHSA-6v7p-g79w-8964 in the rootio-msgpack package for Root:PyPI. Multiple fixed versions available...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/25 9:29 p.m.5 views

GHSA-Q2H6-GHWM-5QM8 MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings

Summary InterfaceLookupFormatter constructs an internal Dictionary with the default equality comparer instead of the security-aware comparer supplied by options.Security.GetEqualityComparer. Other hash-based collection formatters use the security-aware comparer when...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 9:25 p.m.8 views

EUVD-2026-38382

MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 7:51 p.m.8 views

EUVD-2026-38384

MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:53 p.m.9 views

EUVD-2026-38386

MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths...

7.5CVSS5.8AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:52 p.m.8 views

EUVD-2026-38387

MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies...

9.1CVSS5.8AI score0.00236EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/18 5:28 a.m.2 views

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

7.5CVSS7AI score0.0243EPSS
Exploits0References5
CVE
CVE
added 2026/05/11 8:53 p.m.53 views

CVE-2026-42600

Summary of the vulnerability (CVE-2026-42600) : MinIO’s ReadMultiple internode storage-REST endpoint is vulnerable to path traversal when processing a msgpack-encoded ReadMultipleReq body. An attacker holding the cluster root JWT can craft a request to POST /minio/storage/{drivePath}/v63/rmpl wit...

6.9CVSS5.8AI score0.08457EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/18 12:59 p.m.2 views

GHSA-H9Q6-HC68-35RP Denial of service in github.com/shamaton/msgpack

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

7.5CVSS5.9AI score0.00405EPSS
Exploits1References6
CVE
CVE
added 2026/03/16 8:10 p.m.20 views

CVE-2026-2454

Mattermost vulnerability CVE-2026-2454 affects Mattermost server versions 11.3.x (≤11.3.0), 11.2.x (≤11.2.2), and 10.11.x (≤10.11.10). The issue arises from incorrect handling of array lengths in error reports, enabling a malicious user to trigger OOMs and crash the server by sending corrupted ms...

8.6CVSS5.8AI score0.00274EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/03/05 9:11 p.m.3 views

Deserialization of Untrusted Data

Overview langgraph-checkpoint is a library with base interfaces for LangGraph checkpoint savers. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the msgpack-encoded checkpoints. An attacker can execute arbitrary code by supplying a crafted msgpack-encoded...

7.3CVSS6AI score0.05219EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/05 9:11 p.m.5 views

Deserialization of Untrusted Data

Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the msgpack-encoded checkpoints. An attacker can execute arbitrary code by supplying a crafted msgpack-encoded payload to the...

7.3CVSS6AI score0.05219EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/05 8:19 p.m.9 views

EUVD-2026-9860

LangGraph checkpoint loading has unsafe msgpack deserialization...

6.8CVSS5.9AI score0.05219EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/28 12:0 a.m.3 views

msgpacker security vulnerability

msgpacker is a fast MessagePack NodeJS/JavaScript implementation. A security vulnerability exists in versions of msgpacker prior to 1.10.1, which stems from the fact that when decoding a user-supplied MessagePack message, an attacker can craft the message in such a way that the decoder triggers...

6.8CVSS6.7AI score0.00685EPSS
Exploits0References4
OSV
OSV
added 2023/04/11 6:15 p.m.13 views

CVE-2021-46878

An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flbpackmsgpacktojsonformat leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file an...

7.8CVSS8.1AI score
Exploits0References2
Rows per page
Query Builder