Lucene search
Veracode Vulnerability DatabaseVERACODE:22452HistoryFeb 04, 2020 - 4:15 a.m.
Denial Of Service (DoS)
2020-02-0404:15:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1
0.01 Low
EPSS
Percentile
83.9%
MessagePack is vulnerable to denial of service. Untrusted data and deeply nested object graphs can lead to hash collisions and stack overflow that results in an application crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| microsoft.aspnetcore.signalr.protocols.messagepack | le | 3.1.20 | |
| messagepack | le | 1.9.3 | |
| messagepack | le | 2.1.80 |
References
github.com/advisories/GHSA-7q36-4xx7-xcxf
github.com/aspnet/Announcements/issues/405
github.com/dotnet/aspnetcore/issues/18716
github.com/dotnet/aspnetcore/issues/18717
github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02
github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007
github.com/neuecc/MessagePack-CSharp/issues/810
github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf
Related
osv
osv
CVE-2020-5234
2020-01-31 18:15:11
prion
prion
Stack overflow
2020-01-31 18:15:00
github
github
cve
cve
CVE-2020-5234
2020-01-31 18:15:11
cvelist
cvelist
nvd
nvd
CVE-2020-5234
2020-01-31 18:15:11