CVE-2020-5234

Summary

MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.

Affected Software

VendorProductVersion RangeStatus
neueccMessagePack< 1.9.11affected
neueccMessagePack>= 2.0.0, < 2.1.90affected
neueccMessagePack.ImmutableCollection< 1.9.11affected
neueccMessagePack.ImmutableCollection>= 2.0.0, < 2.1.90affected
neueccMessagePack.ReactiveProperty< 1.9.11affected
neueccMessagePack.ReactiveProperty>= 2.0.0, < 2.1.90affected
neueccMessagePack.UnityShims< 1.9.11affected
neueccMessagePack.UnityShims>= 2.0.0, < 2.1.90affected

Weaknesses

  • CWE-121: CWE-121: Stack-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References