Vulnerability Description
MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Messagepack | Messagepack | < 1.9.3 |
Related Weaknesses (CWE)
References
- https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34PatchThird Party Advisory
- https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13fae
- https://github.com/neuecc/MessagePack-CSharp/issues/810
- https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-Third Party Advisory
- https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34PatchThird Party Advisory
- https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13fae
- https://github.com/neuecc/MessagePack-CSharp/issues/810
- https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-Third Party Advisory
FAQ
What is CVE-2020-5234?
CVE-2020-5234 is a vulnerability with a CVSS score of 4.8 (MEDIUM). MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Securi...
How severe is CVE-2020-5234?
CVE-2020-5234 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5234?
Check the references section above for vendor advisories and patch information. Affected products include: Messagepack Messagepack.