Curthagenlocher

**Name of the Vulnerable Software and Affected Versions** ParquetSharp versions 18.1.0 through 23.0.0 **Description** ParquetSharp is a .NET library used for reading and writing Apache Parquet files. The `ReadDecimal()` function in `DecimalConverter` performs a stackalloc operation using a value that can be supplied by an attacker. By declaring a decimal column with an unreasonable width, an attacker can trigger a stack overflow, which may result in a denial of service by taking down the application in a service environment. This issue specifically impacts applications that use the library to read untrusted Parquet files within a network service. **Recommendations** Update to version 23.0.0.1.