12 matches found
The vulnerability of the MessagePack NodeJS/JavaScript msgpackr implementation allows a hacker to cause a service failure.
The vulnerability of the MessagePack NodeJS/JavaScript msgpackr implementation lies in the ability for users to execute suspended threads, creating messages that lock the decoder. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
Denial Of Service
msgpackr is vulnerable to Denial Of Service DoS. The vulnerability is due to faulty validation for user supplied MessagePack messages. An attacker can trigger an infinite loop by specially crafted messages, resulting in Denial of Service...
@cmmn/domain (>=1.9.13 <=2.2.3), @hummhive/saltpack (>=1.0.0 <=1.3.0) +13 more potentially affected by CVE-2023-52079 via msgpackr (>=0.1.8 <=1.10.0)
msgpackr NPM version =0.1.8, =1.9.13, =1.0.0, =4.0.2-cmmn, =1.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.2, =0.7.0, =0.5.0, =0.7.1, =0.7.4 Source cves: CVE-2023-52079 Source advisory: OSV:GHSA-7HPJ-7HHX-2FGX...
msgpackr's conversion of property names to strings can trigger infinite recursion
Impact When decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. Patches The fix is available in v1.10.1 Workarounds Exploits seem to require structured cloning, replacing the 0x70 extension with your own that...
CVE-2023-52079
msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured...
CVE-2023-52079
msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured...
Information disclosure
msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured...
CVE-2023-52079 Conversion of property names to strings can trigger infinite recursion
msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured...
CVE-2023-52079
CVE-2023-52079 concerns msgpackr (NodeJS/JavaScript) before version 1.10.1. When decoding user-supplied MessagePack messages, the decoder can get stuck in a loop, tying up threads. The issue is associated with how certain extensions (e.g., 0x70) may be processed; a mitigation path involves replac...
CVE-2023-52079 Conversion of property names to strings can trigger infinite recursion
msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured...
CVE-2023-52079 Conversion of property names to strings can trigger infinite recursion
msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured...
PT-2023-9033 · Msgpackr +1 · Msgpack +1
Name of the Vulnerable Software and Affected Versions: msgpackr versions prior to 1.10.1 Description: The issue is related to the decoding of user-supplied MessagePack messages, which can cause threads to become stuck in a loop. This can be triggered by crafting specific messages. Exploits seem t...