PT-2026-35054 · Zserio · Zserio

Ryujiyasu

·

Published

2026-04-24

·

Updated

2026-04-28

·

CVE-2026-33524

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Zserio versions prior to 2.18.1
Description Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. A crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, leading to an Out of Memory (OOM) error and causing a Denial of Service by crashing the process.
Recommendations Update to version 2.18.1.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-789

Related Identifiers

CVE-2026-33524
GHSA-CWQ5-8PVQ-J65J

Affected Products

Zserio