Lucene search
K

235 matches found

SUSE CVE
SUSE CVE
added 2026/07/02 6:35 a.m.5 views

SUSE CVE-2026-57585

MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This...

7.5CVSS5.9AI score0.00278EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-57585

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of- bounds read/crash on Unpacker reuse after a caught erro...

7.5CVSS6AI score0.00278EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 10:16 p.m.7 views

CVE-2026-57585

MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This...

7.5CVSS0.00278EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 10:16 p.m.4 views

DEBIAN-CVE-2026-57585

MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This...

7.5CVSS5.7AI score0.00278EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/30 9:36 p.m.4 views

CVE-2026-57585

MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This...

7.5CVSS5.7AI score0.00278EPSS
Exploits0
OSV
OSV
added 2026/06/30 9:36 p.m.3 views

CVE-2026-57585 MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error

MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This...

7.5CVSS5.9AI score0.00278EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 9:36 p.m.27 views

CVE-2026-57585

The CVE concerns MessagePack for Python (msgpack). Prior to version 1.2.1, reusing an Unpacker after a caught error can trigger an out-of-bounds read/crash, potentially causing a DoS via SEGV. A fix is available in version 1.2.1. This entry uses concrete details from the connected records (produc...

7.5CVSS5.7AI score0.00278EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/29 6:18 p.m.15 views

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

7.5CVSS7.2AI score0.0243EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 9:31 p.m.10 views

EUVD-2026-38363

MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 9:31 p.m.4 views

GHSA-QHMF-XW27-6RQR MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments

Summary MessagePack-CSharp's typeless deserialization includes MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowedType as a safety check for dangerous types. The default implementation checks the outer type name, but it does not recursively inspect array element types or generic typ...

6.3CVSS5.9AI score0.00246EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 9:29 p.m.7 views

EUVD-2026-38380

MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 9:26 p.m.11 views

EUVD-2026-38381

MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 9:25 p.m.5 views

GHSA-W567-GJR2-HM5J MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length

Summary UnsafeBlitFormatterBase.Deserialize reads an attacker-controlled byteLength from an extension payload and allocates an array based on that value before validating it against the extension header length or remaining payload bytes. The outer extension header is bounded by available input, b...

6.3CVSS5.9AI score0.00231EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 9:22 p.m.7 views

GHSA-WFR3-XJ75-PFWH MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement

Summary Runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means union deserialization does not consistently participate in the maximum...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 7:51 p.m.3 views

GHSA-CJ9G-3MJ2-G8VV MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement

Summary MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack deserialization. Three related issues are covered by this advisory: 1...

6.3CVSS5.9AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 7:36 p.m.10 views

EUVD-2026-38385

MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 7:36 p.m.7 views

GHSA-2X83-8G95-XH59 MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps

Summary ExpandoObjectFormatter.Deserialize populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. ExpandoObject internally maintains member names in array-like structures, so inserting many distinct keys can require repeated linear scans and array copies. For large...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:53 p.m.4 views

GHSA-V72X-2H86-7F8M MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths

Summary When MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed data is valid or that the declared expansion is reasonable. A small paylo...

7.5CVSS5.9AI score0.00236EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:52 p.m.6 views

GHSA-2F33-PR97-265Q MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies

Summary The parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for ASP.NET Core MVC request bodies, which commonly cross an HTTP trust boundary...

6.3CVSS5.6AI score0.00236EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 6:46 p.m.10 views

EUVD-2026-38388

MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References2
Rows per page
Query Builder