CVE-2020-5234

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-5234
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5234.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-5234
Aliases
Published
2020-01-31T18:15:11Z
Modified
2024-05-15T01:12:31.332786Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.

References

Affected packages

Git / github.com/messagepack-csharp/messagepack-csharp

Affected ranges

Type
GIT
Repo
https://github.com/messagepack-csharp/messagepack-csharp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Type
GIT
Repo
https://github.com/neuecc/messagepack-csharp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1.0-beta
0.2.0-beta

1.*

1.0.1

v.*

v.1.7.3.5
v.1.7.3.6

v1.*

v1.0.2
v1.0.3
v1.1.1
v1.1.2
v1.2.0
v1.2.1
v1.2.3
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.1.2
v1.6.2
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.3.1
v1.7.3.2
v1.7.3.3
v1.7.3.4
v1.7.3.7
v1.8.71-beta
v1.8.74
v1.8.80

v2.*

v2.0.110-alpha
v2.0.119-beta
v2.0.123-beta
v2.0.204-beta
v2.0.270-rc
v2.0.299-rc
v2.0.323
v2.0.335
v2.0.94-alpha