Lucene search
K

27 matches found

OSV
OSV
added 2026/06/25 7:51 p.m.3 views

GHSA-CJ9G-3MJ2-G8VV MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement

Summary MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack deserialization. Three related issues are covered by this advisory: 1...

6.3CVSS5.9AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 6:35 p.m.7 views

EUVD-2026-38389

MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows...

8.2CVSS5.8AI score0.00255EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 9:19 p.m.3 views

CVE-2026-48109 MessagePack-CSharp: LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4BlockArray. The decoder implementation is based on a deprecated fast-decompression algorithm that do...

8.2CVSS6AI score0.00296EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 9:19 p.m.102 views

CVE-2026-48109

CVE-2026-48109 affects MessagePack-CSharp in the optional LZ4 decompression path (Lz4Block, Lz4BlockArray). The vulnerability stems from a deprecated fast-decompression algorithm that does not enforce a source-length bound, enabling a remote attacker to craft payloads with manipulated LZ4 token/l...

8.2CVSS5.9AI score0.00296EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/22 9:19 p.m.26 views

CVE-2026-48109 MessagePack-CSharp: LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4BlockArray. The decoder implementation is based on a deprecated fast-decompression algorithm that do...

8.2CVSS0.00296EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 9:18 p.m.4 views

CVE-2026-48502 MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed tokenSize includes the extension...

8.2CVSS6AI score0.00255EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 9:17 p.m.47 views

CVE-2026-48506

The CVE-2026-48506 entry concerns MessagePack-CSharp: MessagePackReader.TrySkip() can recurse without incrementing depth checks, bypassing MaximumObjectGraphDepth and risking unbounded recursion leading to StackOverflow. Affected: MessagePack-CSharp (reader Skip usage in nested arrays/maps). Root...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:16 p.m.8 views

CVE-2026-48509

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for...

9.1CVSS5.7AI score0.00236EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 9:16 p.m.36 views

CVE-2026-48509

CVE-2026-48509 affects MessagePack for C# (ASP.NET Core MVC context). The issue is that, prior to versions 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter() uses default serializer options that resolve to Standard with MessagePackSecurity.TrustedData, which can cross HTTP trust bou...

9.1CVSS5.7AI score0.00236EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/22 9:16 p.m.30 views

CVE-2026-48509 MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for...

6.3CVSS0.00236EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 9:14 p.m.5 views

CVE-2026-48511 MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. ExpandoObject internally maintains member names in array-like structures, so inserting many...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 9:14 p.m.6 views

CVE-2026-48511 MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. ExpandoObject internally maintains member names in array-like structures, so inserting many...

6.3CVSS5.9AI score0.00231EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 9:14 p.m.21 views

CVE-2026-48512

CVE-2026-48512 affects MessagePack-CSharp. The JSON conversion helpers in MessagePack-CSharp allowed recursive processing without a consistent depth limit, enabling attacker-controlled input to exhaust the process stack and trigger a StackOverflowException. This occurs in the JSON conversion path...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/22 9:14 p.m.6 views

CVE-2026-48512 MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 9:14 p.m.26 views

CVE-2026-48512 MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack...

6.3CVSS0.00231EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 9:14 p.m.3 views

CVE-2026-48512 MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack...

6.3CVSS5.9AI score0.00231EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 9:12 p.m.5 views

CVE-2026-48513 MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

6.3CVSS6AI score0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/22 9:11 p.m.6 views

CVE-2026-48514 MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, UnsafeBlitFormatterBase.Deserialize reads an attacker-controlled byteLength from an extension payload and allocates an array based on that value before validating it against the extension header length or remaining...

6.3CVSS5.9AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 9:11 p.m.26 views

CVE-2026-48514 MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, UnsafeBlitFormatterBase.Deserialize reads an attacker-controlled byteLength from an extension payload and allocates an array based on that value before validating it against the extension header length or remaining...

6.3CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 9:10 p.m.21 views

CVE-2026-48515

Summary: CVE-2026-48515 affects MessagePack-CSharp. Before versions 2.5.301 and 3.1.7, multi-dimensional array formatters allocate T[,] / T[,,] / T[,,,] using dimension lengths read from the payload before validating the encoded element count, enabling large heap allocations. Impact: potential hi...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder