Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

122 matches found

Github Security Blog
Github Security Blogadded 6 days ago13 views

Nerdbank.MessagePack has Inefficient CPU Computation

Impact Applications that call OptionalConverters.WithExpandoObjectConverter and deserialize untrusted data are open to a vulnerability by which an attacker can exploit a On² algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an ExpandoObject, whose Add metho...

5.8AI score
Exploits0References3Affected Software1
Snyk
Snykadded 6 days ago4 views

Inefficient CPU Computation

Overview Nerdbank.MessagePack is an A modern, fast and NativeAOT-compatible MessagePack serialization library Affected versions of this package are vulnerable to Inefficient CPU Computation in the WithExpandoObjectConverter. An attacker can cause excessive CPU consumption by deserializing special...

6.9CVSS5.8AI score
Exploits0References2
OSV
OSVadded 6 days ago4 views

GHSA-92VJ-HP7M-GWCJ Nerdbank.MessagePack has Inefficient CPU Computation

Impact Applications that call OptionalConverters.WithExpandoObjectConverter and deserialize untrusted data are open to a vulnerability by which an attacker can exploit a On² algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an ExpandoObject, whose Add metho...

5.3CVSS5.8AI score
Exploits0References3
OSV
OSVadded 6 days ago3 views

GHSA-QJVR-435C-5FJH Nerdbank.MessagePack has a memory amplification DoS in collection deserialization

Nerdbank.MessagePack deserializers for many collection-shaped types trusted the element count declared in MessagePack array and map headers when allocating destination storage. A crafted payload could therefore force large arrays, pooled buffers, dictionaries, or collection instances to be...

5.3CVSS5.7AI score
Exploits0References3
Github Security Blog
Github Security Blogadded 6 days ago14 views

Nerdbank.MessagePack has a memory amplification DoS in collection deserialization

Nerdbank.MessagePack deserializers for many collection-shaped types trusted the element count declared in MessagePack array and map headers when allocating destination storage. A crafted payload could therefore force large arrays, pooled buffers, dictionaries, or collection instances to be...

5.7AI score
Exploits0References3Affected Software1
EUVD
EUVDadded 2026/05/22 10:22 a.m.5 views

EUVD-2026-31426

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

7.5CVSS5.8AI score0.00106EPSS
Exploits0References1
NVD
NVDadded 2026/05/14 3:16 p.m.6 views

CVE-2026-44375

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

7.5CVSS0.00055EPSS
Exploits0References4
CVE
CVEadded 2026/05/14 2:32 p.m.3 views

CVE-2026-44375

The CVE-2026-44375 entry affects Nerdbank.MessagePack. The vulnerability arises in DateTime decoding where the reader can be fed a malicious MessagePack payload declaring an oversized timestamp extension length, enabling an attacker-controlled amount of stack memory to be allocated via stackalloc...

7.5CVSS5.9AI score0.00055EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/14 2:32 p.m.4 views

EUVD-2026-30299

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

7.5CVSS5.9AI score0.00055EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/14 2:32 p.m.3 views

CVE-2026-44375 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

7.5CVSS5.9AI score0.00055EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/14 2:32 p.m.3 views

CVE-2026-44375

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

7.5CVSS5.9AI score0.00055EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 2026/05/14 2:32 p.m.31 views

CVE-2026-44375 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

7.5CVSS0.00055EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/05/14 12:0 a.m.5 views

Nerdbank.MessagePack 安全漏洞

Nerdbank.MessagePack is a .NET platform-specific MessagePack serialization library developed by Andrew Arnott. Versions of Nerdbank.MessagePack prior to 1.1.62 contained security vulnerabilities. These vulnerabilities stemmed from uncontrolled stack allocation during DateTime decoding. Malicious...

7.5CVSS5.8AI score0.00055EPSS
Exploits0References1
OSV
OSVadded 2026/05/06 11:5 p.m.3 views

GHSA-2CWQ-PWFR-WCW3 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...

7.5CVSS5.9AI score0.00055EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/05/06 12:0 a.m.4 views

PT-2026-38312

Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...

7.5CVSS5.9AI score0.00055EPSS
Exploits0References8
NVD
NVDadded 2026/03/26 8:16 p.m.1 views

CVE-2026-32284

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

7.5CVSS0.00062EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/03/26 7:40 p.m.1 views

CVE-2026-32284

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

6AI score0.00062EPSS
Exploits1References4
Snyk
Snykadded 2026/03/23 6:14 p.m.0 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to improper validation of input in the fixext process. An attacker can cause the application to panic and terminate unexpectedly by sending specially crafted MessagePack data. Remediation There is no fixed version...

8.7CVSS5.9AI score
Exploits0References3
Snyk
Snykadded 2026/03/23 6:14 p.m.0 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to improper validation of input in the fixext process. An attacker can cause the application to panic and terminate unexpectedly by sending specially crafted MessagePack data. Remediation There is no fixed version...

8.7CVSS5.9AI score
Exploits0References3
Snyk
Snykadded 2026/03/23 6:14 p.m.1 views

Out-of-bounds Read

Overview github.com/shamaton/msgpack/v3/internal/decoding is a None Affected versions of this package are vulnerable to Out-of-bounds Read. due to improper validation of input in the fixext process. An attacker can cause the application to panic and terminate unexpectedly by sending specially...

8.7CVSS5.8AI score
Exploits0References3
Rows per page
Query Builder