Lucene search

128 matches found

Vulnrichment
added 2026/01/02 8:47 p.m., 2 views

CVE-2026-21452 MessagePack-Java Vulnerable to Remote Denial of Service via Malicious .msgpack Model File Triggering Unbounded EXT Payload Allocation

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...

7.5 CVSS, 6.6 AI score, 0.00028 EPSS
Exploits: 1, References: 3
Debian CVE
added 2026/01/02 8:47 p.m., 3 views

CVE-2026-21452

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...

7.5 CVSS, 7.8 AI score, 0.00028 EPSS
Exploits: 1
Cvelist
added 2026/01/02 8:47 p.m., 26 views

CVE-2026-21452 MessagePack-Java Vulnerable to Remote Denial of Service via Malicious .msgpack Model File Triggering Unbounded EXT Payload Allocation

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...

7.5 CVSS, 0.00028 EPSS
Exploits: 1, References: 3
CVE
added 2026/01/02 8:47 p.m., 31 views

CVE-2026-21452

CVE-2026-21452 affects MessagePack for Java prior to 0.9.11. During deserialization of .msgpack files containing EXT32 objects with attacker-controlled payload lengths, ExtensionValue.getData() allocates a byte array based on the declared length without upper-bound checks, enabling remote DoS via...

7.5 CVSS, 6.6 AI score, 0.00028 EPSS
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2026/01/02 8:47 p.m., 2 views

CVE-2026-21452 MessagePack-Java Vulnerable to Remote Denial of Service via Malicious .msgpack Model File Triggering Unbounded EXT Payload Allocation

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...

7.5 CVSS, 6.5 AI score, 0.00028 EPSS
Exploits: 1, References: 5
Positive Technologies
added 2026/01/02 12:0 a.m., 3 views

PT-2026-1132

Name of the Vulnerable Software and Affected Versions: MessagePack for Java versions prior to 0.9.11. Description: A denial-of-service issue exists in MessagePack for Java when processing .msgpack files. Specifically, versions before 0.9.11 are susceptible to unbounded heap allocation when...

7.5 CVSS, 6.6 AI score, 0.00028 EPSS
Exploits: 1, References: 10
CNNVD
added 2026/01/02 12:0 a.m., 3 views

MessagePack for Java security vulnerability

MessagePack for Java is a serializer software from MessagePack open source. A security vulnerability exists in MessagePack for Java versions prior to 0.9.11, which stems from a failure to limit the payload length when deserializing, which could result in a denial of service...

7.5 CVSS, 6.2 AI score, 0.00028 EPSS
Exploits: 1, References: 5
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-3146

Malicious code in bioql PyPI...

6.8 CVSS, 6.2 AI score, 0.00456 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-0638

Malicious code in bioql PyPI...

9.8 CVSS, 9.2 AI score, 0.00433 EPSS
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-0709

Malicious code in bioql PyPI...

9.8 CVSS, 9.2 AI score, 0.00418 EPSS
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-0619

Malicious code in bioql PyPI...

9.8 CVSS, 9 AI score, 0.00421 EPSS
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-0631

Malicious code in bioql PyPI...

9.8 CVSS, 9 AI score, 0.00433 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2025/05/23 10:47 a.m., 5 views

CVE-2024-48924

Impact: When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialize...

8.7 CVSS, 7.1 AI score, 0.00107 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 9:8 p.m., 3 views

CVE-2021-45693

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations...

9.8 CVSS, 6.7 AI score, 0.00433 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 4:42 p.m., 3 views

CVE-2020-5234

MessagePack for C and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps...

6.8 CVSS, 6.6 AI score, 0.00549 EPSS
Exploits: 0
IBM Security Bulletins
added 2025/01/28 10:8 p.m., 13 views

Security Bulletin: A vulnerability in messagepack affects IBM Robotic Process Automation and may result in excessive CPU consumption (CVE-2024-48924).

Summary: A vulnerability in messagepack affects IBM Robotic Process Automation and may result in excessive CPU consumption. Messagepack is used by IBM Robotic Process Automation to serialize and deserialize data. This bulletin identifies the fixes required to resolve the vulnerability. Vulnerabilit...

8.7 CVSS, 6.9 AI score, 0.00107 EPSS
Exploits: 0, Affected Software: 1
OSV
added 2024/11/20 9:38 p.m., 0 views

GHSA-GJCC-JVGW-WVWJ Litestar allows unbounded resource consumption (DoS vulnerability)

Summary: Litestar offers multiple methods to return a parsed representation of the request body, as well as extractors that rely on those parsers to map request content to structured data types. Multiple of those parsers do not have size limits when reading the request body into memory, which allo...

8.2 CVSS, 5.9 AI score, 0.00445 EPSS
Exploits: 1, References: 7
Veracode
added 2024/10/25 8:30 a.m., 6 views

Denial Of Service (DoS)

MessagePack is vulnerable to a Denial Of Service (DoS). This vulnerability is due to hash collisions triggered by specially crafted data, which allows an attacker to cause excessive CPU consumption during deserialization of untrusted data. A workaround involves creating a custom hash function by...

8.7 CVSS, 6.7 AI score, 0.00107 EPSS
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2024/10/17 9:15 p.m., 13 views

CVE-2024-48924

Impact: When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialize...

8.7 CVSS, 0.00107 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2024/10/17 8:36 p.m., 14 views

CVE-2024-48924 MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow

Impact: When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialize...

8.7 CVSS, 7.1 AI score, 0.00107 EPSS
Exploits: 0, References: 3