Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-52079

Published: 28/12/2023 Updated: 04/01/2024
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Kriszyp

Vulnerability Summary

msgpackr is a fast MessagePack NodeJS/JavaScript implementation. before 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.

Vulnerable Product Search on Vulmon Subscribe to Product

kriszyp msgpackr

Vendor Advisories

Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...

References

CWE-674https://github.com/kriszyp/msgpackr/security/advisories/GHSA-7hpj-7hhx-2fgxhttps://github.com/kriszyp/msgpackr/commit/18f44f8800e2261341cdf489d1ba1e35a0133602https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2023-52079
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook