CVE-2021-46878

An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flbpackmsgpacktojsonformat leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file an...

PT-2022-36776 · Git +1 · Fluent-Bit

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free error, which occurs when the program attempts to access memory that has already been freed. The crash state...

Denial Of Service (DoS)

github.com/shamaton/msgpack is vulnerable to denial of serviceDoS attacks. A remote attacker is able to cause an application crash in Unmarshal functionality, via a maliciously crafted input...

CVE-2022-41719 Panic in github.com/shamaton/msgpack/v2

Unmarshal can panic on some inputs, possibly allowing for denial of service attacks...

GO-2022-0972 Panic in github.com/shamaton/msgpack/v2

Unmarshal can panic on some inputs, possibly allowing for denial of service attacks...

Msgpack 安全漏洞

Msgpack is open source an efficient binary serialization format . It allows you to exchange data between multiple languages such as JSON. But it's faster and smaller. Small integers are encoded as one byte, and typical short strings require only one extra byte in addition to the string itself...

GHSA-MX67-WV8X-HVV9 Deserialization of Untrusted Data in msgpack

Withdrawn This advisory was withdrawn by its CNA Snyk. Original advisory All versions of package msgpack are vulnerable to Deserialization of Untrusted Data via the unpack function. This does not affect the similarly named package @msgpack/msgpack...

Deserialization of Untrusted Data in msgpack

Withdrawn This advisory was withdrawn by its CNA Snyk. Original advisory All versions of package msgpack are vulnerable to Deserialization of Untrusted Data via the unpack function. This does not affect the similarly named package @msgpack/msgpack...

Exploit for CVE-2021-23410

Test for https://snyk.io/vuln/SNYK-JS-MSGPACK-1296122 This look...

openSUSE: Security Advisory for salt (openSUSE-SU-2021:0899-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2021:0899-1 Security update for salt

This update for salt fixes the following issues: Update to Salt release version 3002.2 jscECO-3212, jscSLE-18033, jscSLE-18028 - Check if dpkgnotify is executable bsc1186674 - Drop support for Python2. Obsoletes python2-salt package jscSLE-18028 - virt module updates network: handle missing ipv4...

SUSE-SU-2021:2106-1 Security update for salt

This update for salt fixes the following issues: Update to Salt release version 3002.2 jscECO-3212, jscSLE-18033, jscSLE-18028 - Check if dpkgnotify is executable bsc1186674 - Drop support for Python2. Obsoletes python2-salt package jscSLE-18028 - virt module updates network: handle missing ipv4...

SUSE-SU-2021:1690-1 Security Beta update for Salt

This update fixes the following issues: salt: - Update to Salt release version 3002.2 jscECO-3212 - Drop support for Python2. Obsoletes 'python2-salt' package - Virt module updates network: handle missing ipv4 netmask attribute more network support PCI/USB host devices passthrough support - Set...

Deserialization of Untrusted Data

Amendment This was deemed not a vulnerability. Overview msgpack is an A space-efficient object serialization library for node.js Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the unpack function. N.B: this affects the NPM package msgpack only, NOT the...

@anandsuresh/smart-stream (>=1.0.1 <=1.1.0), @anandsuresh/smart_stream (=1.0.0) +10 more potentially affected by CVE-2021-21368 via msgpack5 (>=4.0.2 <=4.4.0)

msgpack5 NPM version =4.0.2, =1.0.1, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =1.0.2, =1.2.9, =2.0.0, =0.5.6, =0.1.0, =0.1.3 Source cves: CVE-2021-21368 Source advisory: OSV:GHSA-GMJW-49P4-PCFM...

bigio (>=0.1.3 <=0.1.13), deadpool (=0.0.1) +45 more potentially affected by CVE-2021-21368 via msgpack5 (>=1.3.5 <=3.5.1)

msgpack5 NPM version =1.3.5, =0.1.3, =0.3.0, =1.0.1, =0.2.0, =0.1.6, =0.1.0, =0.0.3, =0.0.3, =0.0.3, =0.6.2, =0.7.6 and more Source cves: CVE-2021-21368 Source advisory: OSV:GHSA-GMJW-49P4-PCFM...

Denial Of Service (DoS)

github.com/vmihailenco/msgpack is vulnerable to denial of serviceDoS attacks. The library does not limit the decoding message size, allowing an attacker to submit large size of messages which cause an application to crash...

[SECURITY] Fedora 30 Update: msgpack-d-1.0.0-0.6.beta.7.fc30

MessagePack is a binary-based JSON-like serialization library...

Denial Of Service (DoS)

msgpack is vulnerable to denial of service. The default decode limits is too large, which will allow an attacker to deplete available resource and cause the process to crash...

RUSTSEC-2017-0006 Unchecked vector pre-allocation

Affected versions of this crate pre-allocate memory on deserializing raw buffers without checking whether there is sufficient data available. This allows an attacker to do denial-of-service attacks by sending small msgpack messages that allocate gigabytes of memory...