Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Unmarshal can panic on some inputs, possibly allowing for denial of service attacks.
AnalysisAI
Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. Affected products include: Messagepack Project Messagepack.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Messagepack
View allMessagePack for Java versions prior to 0.9.11 are vulnerable to denial-of-service attacks through malicious .msgpack fil
MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS a
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today