QwikSec

Security Database

CVE

CWE

Training

CVE-2020-5234

Published: Jan 31, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

4.8

MEDIUM

Description

MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.

Vendor	Product	Versions
neuecc	MessagePack	affected `< 1.9.11` affected `>= 2.0.0, < 2.1.90`
neuecc	MessagePack.ImmutableCollection	affected `< 1.9.11` affected `>= 2.0.0, < 2.1.90`
neuecc	MessagePack.ReactiveProperty	affected `< 1.9.11` affected `>= 2.0.0, < 2.1.90`
neuecc	MessagePack.UnityShims	affected `< 1.9.11` affected `>= 2.0.0, < 2.1.90`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf

x_refsource_CONFIRM

https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02

x_refsource_MISC

https://github.com/neuecc/MessagePack-CSharp/issues/810

x_refsource_MISC

https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.