6 matches found
Denial-of-Service (DoS)
MessagePack for Java is vulnerable to a Denial-Of-Service DoS . The vulnerability is due to unbounded memory allocation during deserialization, where the library trusts attacker-controlled EXT32 payload length metadata and allocates a byte array of that declared size when ExtensionValue.getData i...
GHSA-CW39-R4H6-8J3X MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation
Summary Affected Components: org.msgpack.core.MessageUnpacker.readPayload org.msgpack.core.MessageUnpacker.unpackValue org.msgpack.value.ExtensionValue.getData A denial-of-service vulnerability exists in MessagePack for Java when deserializing .msgpack files containing EXT32 objects with...
MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation
Summary Affected Components: org.msgpack.core.MessageUnpacker.readPayload org.msgpack.core.MessageUnpacker.unpackValue org.msgpack.value.ExtensionValue.getData A denial-of-service vulnerability exists in MessagePack for Java when deserializing .msgpack files containing EXT32 objects with...
EUVD-2026-0750
MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation...
CVE-2026-21452
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...
UBUNTU-CVE-2026-21452
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...