Neuecc

#40136 of 53,632
6.8 Total CVSS
Vulnerabilities · 1
PT-2020-18330
6.8
2020-01-31
Messagepack · Messagepack For C#/Unity · CVE-2020-5234
**Name of the Vulnerable Software and Affected Versions**

MessagePack for C# and Unity versions 1.9.3 through 1.9.10
MessagePack for C# and Unity versions 2.1.80 through 2.1.89

**Description**

When messagepack data from an untrusted source is deserialized, it can cause a denial of service through hash collisions and stack overflow. The result can be large CPU consumption or a crash of the deserializing process.

**Recommendations**

For MessagePack for C# and Unity versions 1.9.3 through 1.9.10, upgrade to any 1.9.x version, put MessagePack into a more secure mode with `MessagePackSecurity.Active = MessagePackSecurity.UntrustedData;`, and regenerate any code produced by mpc with the patched version.

For MessagePack for C# and Unity versions 2.1.80 through 2.1.89, upgrade to any 2.1.x or later version, put MessagePack into a more secure mode by configuring the `MessagePackSerializerOptions.Security` property, and regenerate any code produced by mpc with the patched version.

As a temporary workaround, consider avoiding the built-in formatters entirely in favor of reading messagepack primitive data directly or relying on carefully written custom formatters.
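
For the 2.1.x recommendation, an added example (not from the advisory or the MessagePack project) of deserializing untrusted input with the `Security` option set on the serializer options. `ChatMessage`, `UntrustedInput`, `TryRead` and the depth limit of 32 are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using MessagePack;

// Hypothetical message type. The dictionary is the kind of member whose
// keys an untrusted sender controls, which is where hash collisions matter.
[MessagePackObject]
public class ChatMessage
{
    [Key(0)] public string Sender { get; set; }
    [Key(1)] public Dictionary<string, string> Tags { get; set; }
}

public static class UntrustedInput
{
    // Constructed value: set it to the deepest nesting legitimate data needs.
    private const int MaxDepth = 32;

    // Standard options with the security mode switched to UntrustedData
    // and the allowed object graph depth tightened further.
    private static readonly MessagePackSerializerOptions Hardened =
        MessagePackSerializerOptions.Standard.WithSecurity(
            MessagePackSecurity.UntrustedData.WithMaximumObjectGraphDepth(MaxDepth));

    // Returns false instead of throwing when the payload is malformed
    // or is rejected by the security settings.
    public static bool TryRead(byte[] payload, out ChatMessage message)
    {
        try
        {
            // Pass the hardened options on every call that handles outside data;
            // the default options are intended for trusted input.
            message = MessagePackSerializer.Deserialize<ChatMessage>(payload, Hardened);
            return message != null;
        }
        catch (MessagePackSerializationException)
        {
            message = null;
            return false;
        }
    }
}
```

Formatters generated by mpc before the fix do not pick up these settings, which is why the recommendation also calls for regenerating them with the patched version.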