CVE-2020-5234

EUVD-2020-0254
MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.8 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
GitHub_MCNA
4.8 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
messagepackmessagepack
𝑥
< 1.9.3
messagepackmessagepack
2.0.323 ≤
𝑥
< 2.1.80
messagepackmessagepack
2.0.94:alpha
messagepackmessagepack
2.0.110:alpha
messagepackmessagepack
2.0.119:beta
messagepackmessagepack
2.0.123:beta
messagepackmessagepack
2.0.204:beta
messagepackmessagepack
2.0.270:rc
messagepackmessagepack
2.0.299:rc
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02
https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007
https://github.com/neuecc/MessagePack-CSharp/issues/810
https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf
https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02
https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007
https://github.com/neuecc/MessagePack-CSharp/issues/810
https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf