Описание
MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.9.3 (исключая)Версия от 2.0.323 (включая) до 2.1.80 (исключая)
Одно из
cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\#:*:*
cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\#:*:*
cpe:2.3:a:messagepack:messagepack:2.0.94:alpha:*:*:*:c\#:*:*
cpe:2.3:a:messagepack:messagepack:2.0.110:alpha:*:*:*:c\#:*:*
cpe:2.3:a:messagepack:messagepack:2.0.119:beta:*:*:*:c\#:*:*
cpe:2.3:a:messagepack:messagepack:2.0.123:beta:*:*:*:c\#:*:*
cpe:2.3:a:messagepack:messagepack:2.0.204:beta:*:*:*:c\#:*:*
cpe:2.3:a:messagepack:messagepack:2.0.270:rc:*:*:*:c\#:*:*
cpe:2.3:a:messagepack:messagepack:2.0.299:rc:*:*:*:c\#:*:*
EPSS
Процентиль: 68%
0.00578
Низкий
4.8 Medium
CVSS3
6.5 Medium
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-121
CWE-787
Связанные уязвимости
CVSS3: 4.8
github
около 6 лет назад
Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack
EPSS
Процентиль: 68%
0.00578
Низкий
4.8 Medium
CVSS3
6.5 Medium
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-121
CWE-787