PT-2026-28435 · Pypi · Msgpack

Athuljayaram

Publicado

2026-03-16

Atualizado

2026-06-03

CVE-2026-32284

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions msgpack (affected versions not specified)

Description The msgpack decoder does not correctly validate the input buffer length when processing truncated fixext data (format codes 0xd4-0xd8). This can result in an out-of-bounds read and a runtime panic, potentially leading to a denial of service attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

CVE-2026-32284

GHSA-H9Q6-HC68-35RP

GO-2026-4513

GO-2026-4740

SUSE-SU-2026:1135-1

Produtos afetados

Msgpack

PT-2026-28435 · Pypi · Msgpack

CVE-2026-32284

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 152