Unknown · github.com/gagliardetto/binary · CVE-2022-36078
**Name of the Vulnerable Software and Affected Versions**
github.com/gagliardetto/binary versions prior to v0.7.1
**Description**
The issue is a memory-allocation vulnerability: a slice length taken from untrusted input is passed to the allocator without validation, so an attacker-controlled length can force an excessively large allocation, exhausting available memory or crashing the program. It occurs when github.com/gagliardetto/binary is used to parse unchecked data from untrusted sources into slices. The `dec.Decode(&val)` method reads the slice length directly from the data without any check, which can lead to integer overflow and excessive memory allocation.
**Recommendations**
To resolve the issue, upgrade to v0.7.1 or higher.
As a temporary workaround, consider using a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice before allocating it, instead of relying on the `dec.Decode(&val)` function to parse the data.
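The following is an added example illustrating both the unchecked pattern described above and the workaround of a custom `UnmarshalWithDecoder()` that validates the length before allocating. It is not code from the advisory or from the github.com/gagliardetto/binary project: the `Decoder` type, the wire format (a little-endian u32 length prefix followed by little-endian u64 elements) and the `MaxItems` bound are assumptions made here so the example runs stand-alone with only the standard library.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Decoder is a minimal stand-in for a length-prefixed binary decoder over a
// byte buffer. Constructed for this example; it is not the library's own
// bin.Decoder type, and the wire format below is an assumption.
type Decoder struct {
	data []byte
	pos  int
}

func NewDecoder(data []byte) *Decoder { return &Decoder{data: data} }

// Remaining reports how many unread bytes are left in the buffer.
func (d *Decoder) Remaining() int { return len(d.data) - d.pos }

// ReadUint32 reads a little-endian uint32 (used here as the slice length prefix).
func (d *Decoder) ReadUint32() (uint32, error) {
	if d.Remaining() < 4 {
		return 0, errors.New("short read: need 4 bytes for uint32")
	}
	v := binary.LittleEndian.Uint32(d.data[d.pos:])
	d.pos += 4
	return v, nil
}

// ReadUint64 reads one little-endian uint64 element.
func (d *Decoder) ReadUint64() (uint64, error) {
	if d.Remaining() < 8 {
		return 0, errors.New("short read: need 8 bytes for uint64")
	}
	v := binary.LittleEndian.Uint64(d.data[d.pos:])
	d.pos += 8
	return v, nil
}

// Values is the type being decoded; its UnmarshalWithDecoder plays the role of
// the custom method the advisory recommends as a workaround.
type Values struct {
	Items []uint64
}

// MaxItems is an application-level upper bound on elements per message (assumed).
const MaxItems = 1 << 16

// UnmarshalWithDecoder reads the length prefix and validates it before any
// allocation happens:
//  1. n must not exceed MaxItems, a policy bound chosen by the application;
//  2. n elements of 8 bytes each must fit in the unread input; the comparison is
//     written as n <= remaining/8 rather than n*8 <= remaining so that the
//     multiplication cannot overflow on any platform.
// Only after both checks pass is the slice allocated.
func (v *Values) UnmarshalWithDecoder(d *Decoder) error {
	n, err := d.ReadUint32()
	if err != nil {
		return err
	}
	if n > MaxItems {
		return fmt.Errorf("slice length %d exceeds limit %d", n, MaxItems)
	}
	if uint64(n) > uint64(d.Remaining()/8) {
		return fmt.Errorf("slice length %d does not fit in %d remaining bytes", n, d.Remaining())
	}
	out := make([]uint64, 0, n)
	for i := uint32(0); i < n; i++ {
		x, err := d.ReadUint64()
		if err != nil {
			return err
		}
		out = append(out, x)
	}
	v.Items = out
	return nil
}

// decodeUnchecked shows the pattern the advisory warns about: the length is
// trusted as-is and handed to make(). A five-byte message with a 0xFFFFFFFF
// prefix would request about 32 GiB. It is only called on well-formed input here.
func decodeUnchecked(d *Decoder) ([]uint64, error) {
	n, err := d.ReadUint32()
	if err != nil {
		return nil, err
	}
	out := make([]uint64, n)
	for i := range out {
		if out[i], err = d.ReadUint64(); err != nil {
			return nil, err
		}
	}
	return out, nil
}

// encode builds a well-formed message in the assumed format (constructed input).
func encode(items []uint64) []byte {
	buf := make([]byte, 4+8*len(items))
	binary.LittleEndian.PutUint32(buf, uint32(len(items)))
	for i, x := range items {
		binary.LittleEndian.PutUint64(buf[4+8*i:], x)
	}
	return buf
}

// DecodeChecked returns the decoded items or the validation error.
func DecodeChecked(msg []byte) ([]uint64, error) {
	var v Values
	if err := v.UnmarshalWithDecoder(NewDecoder(msg)); err != nil {
		return nil, err
	}
	return v.Items, nil
}

func main() {
	good := encode([]uint64{1, 2, 3})
	hostile := []byte{0xFF, 0xFF, 0xFF, 0xFF, 0x00} // constructed: huge prefix, 1 byte of payload
	items, err := DecodeChecked(good)
	fmt.Println("good:", items, err)
	_, err = DecodeChecked(hostile)
	fmt.Println("hostile:", err)
}
```

The remaining-bytes check is the one that matters for untrusted input: every element must be backed by bytes that are actually present, so no length prefix can request more memory than the message itself occupies, regardless of what policy cap the application chooses.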