Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
3DescriptionGitHub Advisory
ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this could lead to a stack overflow. In a service environment, this would potentially take down a service. This affects applications using ParquetSharp to read untrusted Parquet files in a network service. This issue has been patched in version 23.0.0.1.
AnalysisAI
Stack overflow in ParquetSharp versions 18.1.0 through 23.0.0.0 allows remote unauthenticated attackers to cause denial of service by supplying a maliciously crafted Parquet file with a decimal column declaring an unreasonably large width, triggering unbounded stack allocation in the DecimalConverter.ReadDecimal method. This impacts network services that parse untrusted Parquet files. The vulnerability has been patched in version 23.0.0.1.
Technical ContextAI
ParquetSharp is a .NET wrapper around the Apache Parquet C++ library, enabling read/write operations on Parquet columnar data files. The vulnerability exists in the DecimalConverter.ReadDecimal method, which uses stackalloc (a C
construct for stack-allocated memory) without validating the width parameter of decimal columns before allocation. The decimal width value is read from the Parquet file metadata, making it attacker-controllable when processing untrusted files. The root cause is CWE-789 (Memory Allocation with Excessive Size Value), where the application fails to constrain the size of stack memory allocation based on external input. An attacker can craft a Parquet file with a decimal column type specifying an arbitrarily large width, causing stackalloc to request excessive stack memory, triggering a stack overflow exception and crashing the application. This affects specifically the .NET runtime environment hosting ParquetSharp-based services.
RemediationAI
Upgrade ParquetSharp to version 23.0.0.1 or later immediately. This patched version applies a limit on stackalloc size when reading decimal columns, preventing attackers from specifying unbounded width values. For applications unable to upgrade immediately, implement strict input validation on Parquet files before parsing: reject files containing decimal columns with width values exceeding a reasonable threshold (e.g., 38 digits, the maximum precision of .NET decimal type). Additionally, configure ParquetSharp parsing in a sandboxed or isolated process with limited stack size, such that a stack overflow terminates only the worker process rather than the entire service, allowing graceful error handling. Monitor Parquet file sources and restrict file ingestion to trusted suppliers where feasible. The patch version 23.0.0.1 is available at https://www.nuget.org/packages/ParquetSharp/23.0.0.1 and via GitHub at https://github.com/G-Research/ParquetSharp/releases/tag/23.0.0.1.
Same technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28430