CVE-2026-32284

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions msgpack (affected versions not specified)

Description The msgpack decoder does not correctly validate the input buffer length when processing truncated fixext data (format codes 0xd4-0xd8). This can result in an out-of-bounds read and a runtime panic, potentially leading to a denial of service attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2026-32284

GHSA-H9Q6-HC68-35RP

GO-2026-4513

GO-2026-4740

SUSE-SU-2026:1135-1

Affected Products

Msgpack

CVE-2026-32284

Weakness Enumeration

Related Identifiers

Affected Products

References · 151