Cereal
Type confusion in USCiLab Cereal C++ serialization library through version 1.3.2 allows remote attackers to trigger memory corruption via the Shared Pointer Handler component when deserializing untrusted input. Publicly available exploit code exists (published as a GitHub gist), and the issue was disclosed by VulDB after early vendor contact. CVSS 7.3 reflects network-reachable, low-complexity exploitation with low impact across confidentiality, integrity, and availability - consistent with a memory-safety flaw in a header-only library embedded in downstream applications.