PT-2026-51390 · Messagepack Csharp · Messagepack-Csharp

Publicado

2026-06-22

Atualizado

2026-06-22

CVE-2026-48502

CVSS v4.0

8.2

Alta

Vetor

AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime() can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed tokenSize includes the extension body length from the wire and is used in a stackalloc operation before the extension length is validated as one of the valid timestamp sizes. A very small payload can claim a large timestamp extension body and cause a stack allocation large enough to trigger an uncatchable StackOverflowException, terminating the host process. This vulnerability is fixed in 2.5.301 and 3.1.7.

Correção

Deserialization of Untrusted Data

Integer Overflow

Uncontrolled Recursion

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-470CWE-1188CWE-502CWE-190CWE-789CWE-674CWE-409CWE-407CWE-125

Identificadores relacionados

CVE-2026-48502

Produtos afetados

Messagepack-Csharp

PT-2026-51390 · Messagepack Csharp · Messagepack-Csharp

CVE-2026-48502

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2