
195 matches found

CVE
added 2021/12/26 9:50 p.m. · 53 views

CVE-2021-45693

The CVE-2021-45693 entry concerns the Rust crate messagepack-rs (through 2021-01-26). The vulnerability affects the deserialize_string_primitive function, which may read from uninitialized memory locations, potentially leading to memory corruption. Public references include Red Hat and OSV entrie...

9.8 CVSS · 9.2 AI score · 0.01191 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2021/12/26 9:50 p.m. · 17 views

CVE-2021-45693

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations...

9.6 AI score · 0.01191 EPSS
Exploits 0 · References 2
OSV
added 2021/03/12 10:44 p.m. · 0 views

GHSA-GMJW-49P4-PCFM Prototype poisoning

Impact: The issue is as follows: when msgpack5 decodes a map containing a key "__proto__", it assigns the decoded value to __proto__. As you are no doubt aware, Object.prototype.__proto__ is an accessor property for the receiver's prototype. If the value corresponding to the key __proto__ decodes to an object or...

6.7 CVSS · 5.7 AI score · 0.01649 EPSS
Exploits 1 · References 7
NVD
added 2021/03/12 5:15 p.m. · 14 views

CVE-2021-21368

msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a "Prototype Poisoning" vulnerability. When msgpack5 decodes a map containing a key "__proto__", it assigns the decoded value to __proto__. Object.prototype.__proto__ is an access...

8.8 CVSS · 0.01649 EPSS
Exploits 1 · References 6
Cvelist
added 2021/03/12 5:00 p.m. · 22 views

CVE-2021-21368 Prototype poisoning

msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a "Prototype Poisoning" vulnerability. When msgpack5 decodes a map containing a key "__proto__", it assigns the decoded value to __proto__. Object.prototype.__proto__ is an access...

6.7 CVSS · 9.1 AI score · 0.01649 EPSS
Exploits 1 · References 6
CNNVD
added 2021/03/12 12:00 a.m. · 2 views

Matteo Collina msgpack5 security vulnerability

msgpack5 is an open source application by Matteo Collina. It provides a msgpack v5 implementation for node.js and browsers with extension point support. A security vulnerability exists in Matteo Collina msgpack5 that stems from the fact that an attacker who submits carefully crafted...

8.8 CVSS · 7.8 AI score · 0.01649 EPSS
Exploits 1 · References 9
Positive Technologies
added 2021/03/12 12:00 a.m. · 2 views

PT-2021-14450 · Msgpack5 · Msgpack5

Name of the Vulnerable Software and Affected Versions: msgpack5 versions prior to 3.6.1; msgpack5 versions prior to 4.5.1; msgpack5 versions prior to 5.2.1. Description: The issue occurs when msgpack5 decodes a map containing a key __proto__, assigning the decoded value to __proto__. This allows an attack...

8.8 CVSS · 8.5 AI score · 0.01649 EPSS
Exploits 1 · References 9
Veracode
added 2020/02/04 4:15 a.m. · 10 views

Denial Of Service (DoS)

MessagePack is vulnerable to denial of service. Untrusted data and deeply nested object graphs can lead to hash collisions and stack overflow that results in an application crash...

6.5 CVSS · 2.4 AI score · 0.01578 EPSS
Exploits 0 · References 8 · Affected Software 2
NVD
added 2020/01/31 6:15 p.m. · 9 views

CVE-2020-5234

MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps...

6.8 CVSS · 5.3 AI score · 0.01578 EPSS
Exploits 0 · References 4
Prion
added 2020/01/31 6:15 p.m. · 17 views

Stack overflow

MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps...

6.8 CVSS · 6.4 AI score · 0.01578 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2020/01/31 5:59 p.m. · 19 views

GHSA-7Q36-4XX7-XCXF Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack

Impact: When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by either of two vectors: 1. hash collisions - leading to large CPU consumption disproportionate to the size of the data being deserialized. 2. stack overflow -...

4.8 CVSS · 6.9 AI score · 0.01578 EPSS
Exploits 0 · References 8
GitHub Security Blog
added 2020/01/31 5:59 p.m. · 140 views

Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack

Impact: When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by either of two vectors: 1. hash collisions - leading to large CPU consumption disproportionate to the size of the data being deserialized. 2. stack overflow -...

6.8 CVSS · 6.3 AI score · 0.01578 EPSS
Exploits 0 · References 8 · Affected Software 5
CVE
added 2020/01/31 5:50 p.m. · 121 views

CVE-2020-5234

CVE-2020-5234 affects MessagePack for C# and Unity before version 1.9.11 and 2.1.90, where deserializing untrusted data can cause a DoS via hash collisions or stack overflow. The issue is documented across multiple sources (NVD, GitHub advisory GHSA-7Q36-4XX7-XCXF, Red Hat/RH entries, OSV) and is...

6.8 CVSS · 5.6 AI score · 0.01578 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2020/01/31 5:50 p.m. · 15 views

CVE-2020-5234 Untrusted data can lead to DoS attack in MessagePack for C# and Unity

MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps...

4.8 CVSS · 6.4 AI score · 0.01578 EPSS
Exploits 0 · References 4
Fedora
added 2019/04/17 4:05 p.m. · 14 views

[SECURITY] Fedora 30 Update: msgpack-d-1.0.0-0.6.beta.7.fc30

MessagePack is a binary-based JSON-like serialization library...

2.8 AI score
Exploits 0