Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
6DescriptionGitHub Advisory
Summary
Unbounded Memory Allocation (all platforms)
A crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error (Denial of Service).
Affected code (C++):
cpp/runtime/src/zserio/Array.h(line 1029) -m_rawArray.reserve(readLength)with uncheckedreadLengthcpp/runtime/src/zserio/BitStreamReader.h(lines 249, 281) -value.reserve(len)with uncheckedlen
Affected code (Java):
java/runtime/src/zserio/runtime/array/Array.java(line 271) -rawArray.reset(readSize)→new int[readSize]java/runtime/src/zserio/runtime/io/ByteArrayBitStreamReader.java(line 245) -new byte[length]
Proof of Concept
Memory Allocation DoS (verified on 64-bit)
| Payload | Claimed Size | Allocated | Amplification |
|---|---|---|---|
| 4 bytes | 100,000,000 | 762 MB | ~200 million x |
| 5 bytes | 2,147,483,647 | ~16 GB | system crash |
The full PoC source code and Docker build files are available upon request.
Impact
zserio is the serialization framework underlying the NDS (Navigation Data Standard), used by 43 member companies including Toyota, BMW, Volkswagen, Mercedes-Benz, and others. According to the Eclipse zserio project:
> "Zserio serialized data is used in millions of deployments in cars on the road"
Attack vectors include NDS.Live cloud map updates, map data supply chain compromise, and backend data processing pipelines. On 32-bit automotive ECUs, this could affect ADAS functionality.
Suggested Fix
For all runtimes: Validate varsize against stream size
if (claimedSize > remainingBytesInStream) {
throw error("varsize claims more data than available in stream");
}Disclosure Timeline
- 2026-03-08: Reported to Woven by Toyota PSIRT (go-zserio)
- 2026-03-10: Reported to ndsev/zserio maintainers via GitHub Security Advisory
- 2026-03-23: Split off overflow vulnerability to own report
- 90-day coordinated disclosure timeline
A patch for this issue is available at https://github.com/ndsev/zserio/releases/tag/v2.18.1.
Reporter
Ryuji Yasukochi (ryuji.yasu@gmail.com)
AnalysisAI
Unbounded memory allocation in Eclipse zserio serialization framework allows remote attackers to trigger system crashes via crafted payloads as small as 4-5 bytes, forcing allocations up to 16 GB and causing out-of-memory errors. Affects both C++ and Java runtimes used in Navigation Data Standard (NDS) implementations deployed across millions of vehicles from Toyota, BMW, Volkswagen, Mercedes-Benz, and 39 other automotive manufacturers. Vendor-released patch available in zserio v2.18.1, addressing unchecked length parameters in Array.h, BitStreamReader.h, and Java runtime equivalents. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation without authentication.
Technical ContextAI
Eclipse zserio is a serialization framework implementing variable-length integer encoding (varsize) for compact binary representation. The vulnerability exists in the deserialization logic where length fields read from untrusted input streams directly drive memory allocation calls without validation against remaining stream data. In C++ runtime (Array.h line 1029, BitStreamReader.h lines 249/281), vector::reserve() is called with unchecked readLength/len values. In Java runtime (Array.java line 271, ByteArrayBitStreamReader.java line 245), new int[readSize] and new byte[length] are allocated based on attacker-controlled fields. This is a classic CWE-789 (Memory Allocation with Excessive Size Value) issue where the serialization protocol's claimed size is trusted without verifying sufficient backing data exists. The pkg:maven/io.github.ndsev:zserio-runtime artifact is affected across both language implementations. The framework is foundational to NDS (Navigation Data Standard) used for automotive map data serialization, making this a supply-chain issue affecting vehicle infotainment, ADAS, and navigation systems.
RemediationAI
Upgrade to Eclipse zserio v2.18.1 or later, which implements validation of claimed varsize values against actual remaining stream data before memory allocation. Patch commit a9932de4b5eefb3afd5e18ca2fd758aa744a7c69 adds bounds checking: if (claimedSize > remainingBytesInStream) throw error. Download from https://github.com/ndsev/zserio/releases/tag/v2.18.1. For automotive OEMs with extended integration timelines, implement compensating controls at network perimeter: (1) enforce maximum message size limits (e.g., 10 MB) on NDS.Live cloud-to-vehicle update channels before deserialization, blocking oversized allocations at ingress - trade-off is rejecting legitimate large map tiles if limit set too low; (2) isolate zserio deserialization in memory-limited containers/cgroups with OOM kill policies that prevent cascading system crashes - trade-off is service degradation instead of graceful error handling; (3) implement supply-chain verification (code signing, hash validation) on map data sources to prevent malicious payload injection - does not prevent exploitation of signed-but-crafted data from compromised suppliers. Advisory references: https://github.com/ndsev/zserio/security/advisories/GHSA-cwq5-8pvq-j65j and https://github.com/advisories/GHSA-cwq5-8pvq-j65j.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25591
GHSA-cwq5-8pvq-j65j