MidnightBSD

Advisories for messagepack

CVE-2020-5234 MEDIUM

MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
security-advisories@github.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
messagepack messagepack 2.0.110
messagepack messagepack 2.0.94
messagepack messagepack 2.0.119
messagepack messagepack 2.0.204
messagepack messagepack *
messagepack messagepack 2.0.299
messagepack messagepack 2.0.270
messagepack messagepack 2.0.123