10 matches found
CVE-2026-21452
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...
Linux Distros Unpatched Vulnerability : CVE-2026-21452
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack...
DEBIAN-CVE-2026-21452
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...
CVE-2026-21452
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...
CVE-2026-21452 MessagePack-Java Vulnerable to Remote Denial of Service via Malicious .msgpack Model File Triggering Unbounded EXT Payload Allocation
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...
CVE-2026-21452
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...
CVE-2026-21452 MessagePack-Java Vulnerable to Remote Denial of Service via Malicious .msgpack Model File Triggering Unbounded EXT Payload Allocation
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...
CVE-2026-21452
CVE-2026-21452 affects MessagePack for Java prior to 0.9.11. During deserialization of .msgpack files containing EXT32 objects with attacker-controlled payload lengths, ExtensionValue.getData() allocates a byte array based on the declared length without upper-bound checks, enabling remote DoS via...
CVE-2026-21452 MessagePack-Java Vulnerable to Remote Denial of Service via Malicious .msgpack Model File Triggering Unbounded EXT Payload Allocation
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...
PT-2026-1132
Name of the Vulnerable Software and Affected Versions MessagePack for Java versions prior to 0.9.11 Description A denial-of-service issue exists in MessagePack for Java when processing .msgpack files. Specifically, versions before 0.9.11 are susceptible to unbounded heap allocation when...