Vulnerability-Lookup

CVE-2020-5234 (GCVE-0-2020-5234)

Vulnerability from cvelistv5 – Published: 2020-01-31 17:50 – Updated: 2024-08-04 08:22

Title

Untrusted data can lead to DoS attack in MessagePack for C# and Unity

Summary

MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.

Severity

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/neuecc/MessagePack-CSharp/secu…	x_refsource_CONFIRM
https://github.com/neuecc/MessagePack-CSharp/comm…	x_refsource_MISC
https://github.com/neuecc/MessagePack-CSharp/issues/810	x_refsource_MISC
https://github.com/neuecc/MessagePack-CSharp/comm…	x_refsource_MISC

Impacted products

4 products

Vendor	Product	Version
neuecc	MessagePack	Affected: < 1.9.11 Affected: >= 2.0.0, < 2.1.90
neuecc	MessagePack.ImmutableCollection	Affected: < 1.9.11 Affected: >= 2.0.0, < 2.1.90
neuecc	MessagePack.ReactiveProperty	Affected: < 1.9.11 Affected: >= 2.0.0, < 2.1.90
neuecc	MessagePack.UnityShims	Affected: < 1.9.11 Affected: >= 2.0.0, < 2.1.90

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:09.077Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neuecc/MessagePack-CSharp/issues/810"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MessagePack",
          "vendor": "neuecc",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.9.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.1.90"
            }
          ]
        },
        {
          "product": "MessagePack.ImmutableCollection",
          "vendor": "neuecc",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.9.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.1.90"
            }
          ]
        },
        {
          "product": "MessagePack.ReactiveProperty",
          "vendor": "neuecc",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.9.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.1.90"
            }
          ]
        },
        {
          "product": "MessagePack.UnityShims",
          "vendor": "neuecc",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.9.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.1.90"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-24T22:55:06.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neuecc/MessagePack-CSharp/issues/810"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007"
        }
      ],
      "source": {
        "advisory": "GHSA-7q36-4xx7-xcxf",
        "discovery": "UNKNOWN"
      },
      "title": "Untrusted data can lead to DoS attack in MessagePack for C# and Unity",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-5234",
          "STATE": "PUBLIC",
          "TITLE": "Untrusted data can lead to DoS attack in MessagePack for C# and Unity"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MessagePack",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.9.11"
                          },
                          {
                            "version_value": "\u003e= 2.0.0, \u003c 2.1.90"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MessagePack.ImmutableCollection",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.9.11"
                          },
                          {
                            "version_value": "\u003e= 2.0.0, \u003c 2.1.90"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MessagePack.ReactiveProperty",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.9.11"
                          },
                          {
                            "version_value": "\u003e= 2.0.0, \u003c 2.1.90"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MessagePack.UnityShims",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.9.11"
                          },
                          {
                            "version_value": "\u003e= 2.0.0, \u003c 2.1.90"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "neuecc"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-121: Stack-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf",
              "refsource": "CONFIRM",
              "url": "https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf"
            },
            {
              "name": "https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02",
              "refsource": "MISC",
              "url": "https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02"
            },
            {
              "name": "https://github.com/neuecc/MessagePack-CSharp/issues/810",
              "refsource": "MISC",
              "url": "https://github.com/neuecc/MessagePack-CSharp/issues/810"
            },
            {
              "name": "https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007",
              "refsource": "MISC",
              "url": "https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-7q36-4xx7-xcxf",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-5234",
    "datePublished": "2020-01-31T17:50:14.000Z",
    "dateReserved": "2020-01-02T00:00:00.000Z",
    "dateUpdated": "2024-08-04T08:22:09.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-5234",
      "date": "2026-05-31",
      "epss": "0.00549",
      "percentile": "0.68225"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\\\#:*:*\", \"versionEndExcluding\": \"1.9.3\", \"matchCriteriaId\": \"6E3E3D7A-9BC4-4387-9EBD-EE1DEE62266D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\\\#:*:*\", \"versionStartIncluding\": \"2.0.323\", \"versionEndExcluding\": \"2.1.80\", \"matchCriteriaId\": \"F24DBCF3-4F9D-4409-9343-7B258B4F1B3F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:messagepack:messagepack:2.0.94:alpha:*:*:*:c\\\\#:*:*\", \"matchCriteriaId\": \"5507008B-B8F8-4147-8E65-1481E479ABE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:messagepack:messagepack:2.0.110:alpha:*:*:*:c\\\\#:*:*\", \"matchCriteriaId\": \"37BBAB86-0E12-4B68-A325-C168F7BB2C1C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:messagepack:messagepack:2.0.119:beta:*:*:*:c\\\\#:*:*\", \"matchCriteriaId\": \"C1D65411-111F-4243-AFC7-F561CED839B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:messagepack:messagepack:2.0.123:beta:*:*:*:c\\\\#:*:*\", \"matchCriteriaId\": \"D61D5CEA-5EB9-4C11-B379-604D8DE9F368\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:messagepack:messagepack:2.0.204:beta:*:*:*:c\\\\#:*:*\", \"matchCriteriaId\": \"129F03B4-C739-4EE9-ADCA-D9DC9337101E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:messagepack:messagepack:2.0.270:rc:*:*:*:c\\\\#:*:*\", \"matchCriteriaId\": \"C6BB270F-6012-4C07-A070-E1F13048A439\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:messagepack:messagepack:2.0.299:rc:*:*:*:c\\\\#:*:*\", \"matchCriteriaId\": \"CB524CF3-98FF-41DF-9C44-553ED740152D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.\"}, {\"lang\": \"es\", \"value\": \"MessagePack para C # y Unity anterior a la versi\\u00f3n 1.9.11 y 2.1.90 tiene una vulnerabilidad en la que los datos no seguros pueden provocar un ataque DoS debido a colisiones hash y desbordamiento de pila. Revise el Aviso de seguridad de GitHub vinculado para obtener m\\u00e1s informaci\\u00f3n y pasos de reparaci\\u00f3n.\"}]",
      "id": "CVE-2020-5234",
      "lastModified": "2024-11-21T05:33:43.930",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:N/A:C\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-01-31T18:15:11.860",
      "references": "[{\"url\": \"https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/neuecc/MessagePack-CSharp/issues/810\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/neuecc/MessagePack-CSharp/issues/810\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-121\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-5234\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2020-01-31T18:15:11.860\",\"lastModified\":\"2024-11-21T05:33:43.930\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.\"},{\"lang\":\"es\",\"value\":\"MessagePack para C # y Unity anterior a la versi\u00f3n 1.9.11 y 2.1.90 tiene una vulnerabilidad en la que los datos no seguros pueden provocar un ataque DoS debido a colisiones hash y desbordamiento de pila. Revise el Aviso de seguridad de GitHub vinculado para obtener m\u00e1s informaci\u00f3n y pasos de reparaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:C\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\\\#:*:*\",\"versionEndExcluding\":\"1.9.3\",\"matchCriteriaId\":\"6E3E3D7A-9BC4-4387-9EBD-EE1DEE62266D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\\\#:*:*\",\"versionStartIncluding\":\"2.0.323\",\"versionEndExcluding\":\"2.1.80\",\"matchCriteriaId\":\"F24DBCF3-4F9D-4409-9343-7B258B4F1B3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:messagepack:messagepack:2.0.94:alpha:*:*:*:c\\\\#:*:*\",\"matchCriteriaId\":\"5507008B-B8F8-4147-8E65-1481E479ABE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:messagepack:messagepack:2.0.110:alpha:*:*:*:c\\\\#:*:*\",\"matchCriteriaId\":\"37BBAB86-0E12-4B68-A325-C168F7BB2C1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:messagepack:messagepack:2.0.119:beta:*:*:*:c\\\\#:*:*\",\"matchCriteriaId\":\"C1D65411-111F-4243-AFC7-F561CED839B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:messagepack:messagepack:2.0.123:beta:*:*:*:c\\\\#:*:*\",\"matchCriteriaId\":\"D61D5CEA-5EB9-4C11-B379-604D8DE9F368\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:messagepack:messagepack:2.0.204:beta:*:*:*:c\\\\#:*:*\",\"matchCriteriaId\":\"129F03B4-C739-4EE9-ADCA-D9DC9337101E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:messagepack:messagepack:2.0.270:rc:*:*:*:c\\\\#:*:*\",\"matchCriteriaId\":\"C6BB270F-6012-4C07-A070-E1F13048A439\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:messagepack:messagepack:2.0.299:rc:*:*:*:c\\\\#:*:*\",\"matchCriteriaId\":\"CB524CF3-98FF-41DF-9C44-553ED740152D\"}]}]}],\"references\":[{\"url\":\"https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/neuecc/MessagePack-CSharp/issues/810\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/neuecc/MessagePack-CSharp/issues/810\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

FKIE_CVE-2020-5234

Vulnerability from fkie_nvd - Published: 2020-01-31 18:15 - Updated: 2024-11-21 05:33

Severity

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007
security-advisories@github.com	https://github.com/neuecc/MessagePack-CSharp/issues/810
security-advisories@github.com	https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007
af854a3a-2127-422b-91ae-364da2661108	https://github.com/neuecc/MessagePack-CSharp/issues/810
af854a3a-2127-422b-91ae-364da2661108	https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf	Third Party Advisory

Impacted products

Vendor	Product	Version
messagepack	messagepack	*
messagepack	messagepack	*
messagepack	messagepack	2.0.94
messagepack	messagepack	2.0.110
messagepack	messagepack	2.0.119
messagepack	messagepack	2.0.123
messagepack	messagepack	2.0.204
messagepack	messagepack	2.0.270
messagepack	messagepack	2.0.299

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*",
              "matchCriteriaId": "6E3E3D7A-9BC4-4387-9EBD-EE1DEE62266D",
              "versionEndExcluding": "1.9.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*",
              "matchCriteriaId": "F24DBCF3-4F9D-4409-9343-7B258B4F1B3F",
              "versionEndExcluding": "2.1.80",
              "versionStartIncluding": "2.0.323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:messagepack:messagepack:2.0.94:alpha:*:*:*:c\\#:*:*",
              "matchCriteriaId": "5507008B-B8F8-4147-8E65-1481E479ABE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:messagepack:messagepack:2.0.110:alpha:*:*:*:c\\#:*:*",
              "matchCriteriaId": "37BBAB86-0E12-4B68-A325-C168F7BB2C1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:messagepack:messagepack:2.0.119:beta:*:*:*:c\\#:*:*",
              "matchCriteriaId": "C1D65411-111F-4243-AFC7-F561CED839B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:messagepack:messagepack:2.0.123:beta:*:*:*:c\\#:*:*",
              "matchCriteriaId": "D61D5CEA-5EB9-4C11-B379-604D8DE9F368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:messagepack:messagepack:2.0.204:beta:*:*:*:c\\#:*:*",
              "matchCriteriaId": "129F03B4-C739-4EE9-ADCA-D9DC9337101E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:messagepack:messagepack:2.0.270:rc:*:*:*:c\\#:*:*",
              "matchCriteriaId": "C6BB270F-6012-4C07-A070-E1F13048A439",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:messagepack:messagepack:2.0.299:rc:*:*:*:c\\#:*:*",
              "matchCriteriaId": "CB524CF3-98FF-41DF-9C44-553ED740152D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps."
    },
    {
      "lang": "es",
      "value": "MessagePack para C # y Unity anterior a la versi\u00f3n 1.9.11 y 2.1.90 tiene una vulnerabilidad en la que los datos no seguros pueden provocar un ataque DoS debido a colisiones hash y desbordamiento de pila. Revise el Aviso de seguridad de GitHub vinculado para obtener m\u00e1s informaci\u00f3n y pasos de reparaci\u00f3n."
    }
  ],
  "id": "CVE-2020-5234",
  "lastModified": "2024-11-21T05:33:43.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-31T18:15:11.860",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/neuecc/MessagePack-CSharp/issues/810"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/neuecc/MessagePack-CSharp/issues/810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-7Q36-4XX7-XCXF

Vulnerability from github – Published: 2020-01-31 17:59 – Updated: 2024-10-16 22:06

Summary

Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack

Details

Impact

When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by either of two vectors:

hash collisions - leading to large CPU consumption disproportionate to the size of the data being deserialized.
stack overflow - leading to the deserializing process crashing.

Patches

The following steps are required to mitigate this risk.

Upgrade to a version of the library where a fix is available
Add code to your application to put MessagePack into the defensive UntrustedData mode.
Identify all MessagePack extensions that implement IMessagePackFormatter<T> implementations that do not ship with the MessagePack library to include the security mitigations. This includes those acquired from 3rd party packages and classes included directly into your project. Any AOT formatters generated with the MPC tool must be regenerated with the patched version of mpc.
Review your messagepack-serializable data structures for hash-based collections that use custom or unusual types for the hashed key. See below for details on handling such situations.

Review the MessagePackSecurity class to tweak any settings as necessary to strike the right balance between performance, functionality, and security.

Specialized IEqualityComparer<T> implementations provide the hash collision resistance. Each type of hashed key may require a specialized implementation of its own. The patched MessagePack library includes many such implementations for primitive types commonly used as keys in hash-based collections. If your data structures use custom types as keys in these hash-based collections, putting MessagePack in UntrustedData mode may lead the deserializer to throw an exception because no safe IEqualityComparer<T> is available for your custom T type. You can provide your own safe implementation by deriving from the MessagePackSecurity class and overriding the GetHashCollisionResistantEqualityComparer<T>() method to return your own custom implementation when T matches your type, and fallback to return base.GetHashCollisionResistantEqualityComparer<T>(); for types you do not have custom implementations for.

Unrelated to this advisory, but as general security guidance, you should also avoid the Typeless serializer/formatters/resolvers for untrusted data as that opens the door for the untrusted data to potentially deserialize unanticipated types that can compromise security.

MessagePack 1.x users

Upgrade to any 1.9.x version.
When deserializing untrusted data, put MessagePack into a more secure mode with:

cs MessagePackSecurity.Active = MessagePackSecurity.UntrustedData;

In MessagePack v1.x this is a static property and thus the security level is shared by the entire process or AppDomain. Use MessagePack v2.1 or later for better control over the security level for your particular use.
Any code produced by mpc should be regenerated with the mpc tool with the matching (patched) version. Such generated code usually is written to a file called Generated.cs. A patched Generated.cs file will typically reference the MessagePackSecurity class.

Review any custom-written IMessagePackFormatter<T> implementations in your project or that you might use from 3rd party packages to ensure they also utilize the MessagePackSecurity class as required. In particular, a formatter that deserializes an object (as opposed to a primitive value) should wrap the deserialization in a using (MessagePackSecurity.DepthStep()) block. For example:

cs public MyObject Deserialize(ref MessagePackReader reader, MessagePackSerializerOptions options) { if (reader.TryReadNil()) { return default; } else { using (MessagePackSecurity.DepthStep()) // STACK OVERFLOW MITIGATION { MyObject o = new MyObject(); // deserialize members of the object here. return o; } } }

If your custom formatter creates hash-based collections (e.g. Dictionary<K, V> or HashSet<T>) where the hashed key comes from the messagepack data, always instantiate your collection using MessagePackSecurity.Active.GetEqualityComparer<T>() as the equality comparer:

cs var collection = new HashSet<T>(MessagePackSecurity.Active.GetEqualityComparer<T>());

This ensures that when reading untrusted data, you will be using a collision-resistent hash algorithm.

Learn more about best security practices when reading untrusted data with MessagePack 1.x.

MessagePack 2.x users

Upgrade to any 2.1.x or later version.
When deserializing untrusted data, put MessagePack into a more secure mode by configuring your MessagePackSerializerOptions.Security property:

```cs var options = MessagePackSerializerOptions.Standard .WithSecurity(MessagePackSecurity.UntrustedData);

// Pass the options explicitly for the greatest control. T object = MessagePackSerializer.Deserialize(data, options);

// Or set the security level as the default. MessagePackSerializer.DefaultOptions = options; ```
Any code produced by mpc should be regenerated with the mpc tool with the matching (patched) version. Such generated code usually is written to a file called Generated.cs. A patched Generated.cs file will typically reference the Security member on the MessagePackSerializerOptions parameter.

Review any custom-written IMessagePackFormatter<T> implementations in your project or that you might use from 3rd party packages to ensure they also utilize the MessagePackSecurity class as required. In particular, a formatter that deserializes an object (as opposed to a primitive value) should call options.Security.DepthStep(ref reader); before deserializing the object's members, and be sure to revert the depth step with reader.Depth--; before exiting the method. For example:

cs public MyObject Deserialize(ref MessagePackReader reader, MessagePackSerializerOptions options) { if (reader.TryReadNil()) { return default; } else { options.Security.DepthStep(ref reader); // STACK OVERFLOW MITIGATION, line 1 try { MyObject o = new MyObject(); // deserialize members of the object here. return o; } finally { reader.Depth--; // STACK OVERFLOW MITIGATION, line 2 } } }

If your custom formatter creates hash-based collections (e.g. Dictionary<K, V> or HashSet<T>) where the hashed key comes from the messagepack data, always instantiate your collection using options.Security.GetEqualityComparer<TKey>() as the equality comparer:

cs var collection = new HashSet<T>(options.Security.GetEqualityComparer<T>());

This ensures that when reading untrusted data, you will be using a collision-resistent hash algorithm.

Learn more about best security practices when reading untrusted data with MessagePack 2.x.

Workarounds

The security vulnerabilities are in the formatters. Avoiding the built-in formatters entirely in favor of reading messagepack primitive data directly or relying on carefully written custom formatters can provide a workaround.

MessagePack v1.x users may utilize the MessagePackBinary static class directly to read the data they expect. MessagePack v2.x users may utilize the MessagePackReader struct directly to read the data they expect.

References

Learn more about best security practices when reading untrusted data with MessagePack 1.x or MessagePack 2.x.

For more information

If you have any questions or comments about this advisory:

Open an issue in MessagePack-CSharp
Email us

Severity

4.8 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "MessagePack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "MessagePack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.1.90"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "MessagePack.ImmutableCollection"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "MessagePack.ImmutableCollection"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.1.90"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "MessagePack.ReactiveProperty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "MessagePack.ReactiveProperty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.1.90"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "MessagePack.UnityShims"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "MessagePack.UnityShims"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.1.90"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "MessagePack.Unity"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "MessagePack.Unity"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.1.90"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5234"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-01-31T17:47:49Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nWhen this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by either of two vectors:\n\n1. hash collisions - leading to large CPU consumption disproportionate to the size of the data being deserialized.\n1. stack overflow - leading to the deserializing process crashing.\n\n### Patches\n\nThe following steps are required to mitigate this risk.\n\n1. Upgrade to a version of the library where a fix is available\n1. Add code to your application to put MessagePack into the defensive `UntrustedData` mode.\n1. Identify all MessagePack extensions that implement `IMessagePackFormatter\u003cT\u003e` implementations that do not ship with the MessagePack library to include the security mitigations. This includes those acquired from 3rd party packages and classes included directly into your project. Any AOT formatters generated with the MPC tool must be regenerated with the patched version of mpc.\n1. Review your messagepack-serializable data structures for hash-based collections that use custom or unusual types for the hashed key. See below for details on handling such situations.\n\nReview the `MessagePackSecurity` class to tweak any settings as necessary to strike the right balance between performance, functionality, and security.\n\nSpecialized `IEqualityComparer\u003cT\u003e` implementations provide the hash collision resistance.\nEach type of hashed key may require a specialized implementation of its own.\nThe patched MessagePack library includes many such implementations for primitive types commonly used as keys in hash-based collections.\nIf your data structures use custom types as keys in these hash-based collections,\nputting MessagePack in `UntrustedData` mode may lead the deserializer to throw an exception\nbecause no safe `IEqualityComparer\u003cT\u003e` is available for your custom `T` type.\nYou can provide your own safe implementation by deriving from the `MessagePackSecurity` class\nand overriding the `GetHashCollisionResistantEqualityComparer\u003cT\u003e()` method to return your own\ncustom implementation when `T` matches your type, and fallback to `return base.GetHashCollisionResistantEqualityComparer\u003cT\u003e();` for types you do not have custom implementations for.\n\nUnrelated to this advisory, but as general security guidance, you should also avoid the Typeless serializer/formatters/resolvers for untrusted data as that opens the door for the untrusted data to potentially deserialize unanticipated types that can compromise security.\n\n#### MessagePack 1.x users\n\n1. Upgrade to any 1.9.x version.\n\n1. When deserializing untrusted data, put MessagePack into a more secure mode with:\n\n    ```cs\n    MessagePackSecurity.Active = MessagePackSecurity.UntrustedData;\n    ```\n\n    In MessagePack v1.x this is a static property and thus the security level is shared by the entire process or AppDomain.\n    Use MessagePack v2.1 or later for better control over the security level for your particular use.\n\n1. Any code produced by mpc should be regenerated with the mpc tool with the matching (patched) version. Such generated code usually is written to a file called `Generated.cs`. A patched `Generated.cs` file will typically reference the `MessagePackSecurity` class.\n\n    Review any custom-written `IMessagePackFormatter\u003cT\u003e` implementations in your project or that you might use from 3rd party packages to ensure they also utilize the `MessagePackSecurity` class as required.\n    In particular, a formatter that deserializes an object (as opposed to a primitive value) should wrap the deserialization in a `using (MessagePackSecurity.DepthStep())` block. For example:\n\n    ```cs\n    public MyObject Deserialize(ref MessagePackReader reader, MessagePackSerializerOptions options)\n    {\n        if (reader.TryReadNil())\n        {\n            return default;\n        }\n        else\n        {\n            using (MessagePackSecurity.DepthStep()) // STACK OVERFLOW MITIGATION\n            {\n                MyObject o = new MyObject();\n                // deserialize members of the object here.\n                return o;\n            }\n        }\n    }\n    ```\n\n    If your custom formatter creates hash-based collections (e.g. `Dictionary\u003cK, V\u003e` or `HashSet\u003cT\u003e`) where the hashed key comes from the messagepack data, always instantiate your collection using `MessagePackSecurity.Active.GetEqualityComparer\u003cT\u003e()` as the equality comparer:\n\n    ```cs\n    var collection = new HashSet\u003cT\u003e(MessagePackSecurity.Active.GetEqualityComparer\u003cT\u003e());\n    ```\n\n    This ensures that when reading untrusted data, you will be using a collision-resistent hash algorithm.\n\nLearn more about [best security practices when reading untrusted data with MessagePack 1.x](https://github.com/neuecc/MessagePack-CSharp/tree/v1.x#security).\n\n#### MessagePack 2.x users\n\n1. Upgrade to any 2.1.x or later version.\n\n1. When deserializing untrusted data, put MessagePack into a more secure mode by configuring your `MessagePackSerializerOptions.Security` property:\n\n    ```cs\n    var options = MessagePackSerializerOptions.Standard\n        .WithSecurity(MessagePackSecurity.UntrustedData);\n\n    // Pass the options explicitly for the greatest control.\n    T object = MessagePackSerializer.Deserialize\u003cT\u003e(data, options);\n\n    // Or set the security level as the default.\n    MessagePackSerializer.DefaultOptions = options;\n    ```\n\n1. Any code produced by mpc should be regenerated with the mpc tool with the matching (patched) version. Such generated code usually is written to a file called `Generated.cs`. A patched `Generated.cs` file will typically reference the `Security` member on the `MessagePackSerializerOptions` parameter.\n\n    Review any custom-written `IMessagePackFormatter\u003cT\u003e` implementations in your project or that you might use from 3rd party packages to ensure they also utilize the `MessagePackSecurity` class as required.\n    In particular, a formatter that deserializes an object (as opposed to a primitive value) should call `options.Security.DepthStep(ref reader);` before deserializing the object\u0027s members, and be sure to revert the depth step with `reader.Depth--;` before exiting the method. For example:\n\n    ```cs\n    public MyObject Deserialize(ref MessagePackReader reader, MessagePackSerializerOptions options)\n    {\n        if (reader.TryReadNil())\n        {\n            return default;\n        }\n        else\n        {\n            options.Security.DepthStep(ref reader); // STACK OVERFLOW MITIGATION, line 1\n            try\n            {\n                MyObject o = new MyObject();\n                // deserialize members of the object here.\n                return o;\n            }\n            finally\n            {\n                reader.Depth--; // STACK OVERFLOW MITIGATION, line 2\n            }\n        }\n    }\n    ```\n\n    If your custom formatter creates hash-based collections (e.g. `Dictionary\u003cK, V\u003e` or `HashSet\u003cT\u003e`) where the hashed key comes from the messagepack data, always instantiate your collection using `options.Security.GetEqualityComparer\u003cTKey\u003e()` as the equality comparer:\n\n    ```cs\n    var collection = new HashSet\u003cT\u003e(options.Security.GetEqualityComparer\u003cT\u003e());\n    ```\n\n    This ensures that when reading untrusted data, you will be using a collision-resistent hash algorithm.\n\nLearn more about [best security practices when reading untrusted data with MessagePack 2.x](https://github.com/neuecc/MessagePack-CSharp#security).\n\n### Workarounds\n\nThe security vulnerabilities are in the formatters.\nAvoiding the built-in formatters entirely in favor of reading messagepack primitive data directly\nor relying on carefully written custom formatters can provide a workaround.\n\nMessagePack v1.x users may utilize the `MessagePackBinary` static class directly to read the data they expect.\nMessagePack v2.x users may utilize the `MessagePackReader` struct directly to read the data they expect.\n\n### References\n\nLearn more about best security practices when reading untrusted data with [MessagePack 1.x](https://github.com/neuecc/MessagePack-CSharp/tree/v1.x#security) or [MessagePack 2.x](https://github.com/neuecc/MessagePack-CSharp#security).\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [MessagePack-CSharp](https://github.com/neuecc/MessagePack-CSharp/issues/new/choose)\n* [Email us](mailto:andrewarnott@gmail.com)\n",
  "id": "GHSA-7q36-4xx7-xcxf",
  "modified": "2024-10-16T22:06:55Z",
  "published": "2020-01-31T17:59:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5234"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aspnet/Announcements/issues/405"
    },
    {
      "type": "WEB",
      "url": "https://github.com/neuecc/MessagePack-CSharp/issues/810"
    },
    {
      "type": "WEB",
      "url": "https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02"
    },
    {
      "type": "WEB",
      "url": "https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/MessagePack-CSharp/MessagePack-CSharp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack"
}

GSD-2020-5234

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-5234

Aliases

CVE-2020-5234

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5234",
    "description": "MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.",
    "id": "GSD-2020-5234"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5234"
      ],
      "details": "MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.",
      "id": "GSD-2020-5234",
      "modified": "2023-12-13T01:22:03.207135Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-5234",
        "STATE": "PUBLIC",
        "TITLE": "Untrusted data can lead to DoS attack in MessagePack for C# and Unity"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MessagePack",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 1.9.11"
                        },
                        {
                          "version_value": "\u003e= 2.0.0, \u003c 2.1.90"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MessagePack.ImmutableCollection",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 1.9.11"
                        },
                        {
                          "version_value": "\u003e= 2.0.0, \u003c 2.1.90"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MessagePack.ReactiveProperty",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 1.9.11"
                        },
                        {
                          "version_value": "\u003e= 2.0.0, \u003c 2.1.90"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "MessagePack.UnityShims",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 1.9.11"
                        },
                        {
                          "version_value": "\u003e= 2.0.0, \u003c 2.1.90"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "neuecc"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-121: Stack-based Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf",
            "refsource": "CONFIRM",
            "url": "https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf"
          },
          {
            "name": "https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02",
            "refsource": "MISC",
            "url": "https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02"
          },
          {
            "name": "https://github.com/neuecc/MessagePack-CSharp/issues/810",
            "refsource": "MISC",
            "url": "https://github.com/neuecc/MessagePack-CSharp/issues/810"
          },
          {
            "name": "https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007",
            "refsource": "MISC",
            "url": "https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-7q36-4xx7-xcxf",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,1.9.11),[2.0.0,2.1.90)",
          "affected_versions": "All versions before 1.9.11, all versions starting from 2.0.0 before 2.1.90",
          "cvss_v2": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2021-04-06",
          "description": "MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.",
          "fixed_versions": [
            "1.9.11",
            "2.1.90"
          ],
          "identifier": "CVE-2020-5234",
          "identifiers": [
            "GHSA-7q36-4xx7-xcxf",
            "CVE-2020-5234"
          ],
          "not_impacted": "All versions starting from 1.9.11 before 2.0.0, all versions starting from 2.1.90",
          "package_slug": "nuget/MessagePack.ImmutableCollection",
          "pubdate": "2020-01-31",
          "solution": "Upgrade to versions 1.9.11, 2.1.90 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf",
            "https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02",
            "https://nvd.nist.gov/vuln/detail/CVE-2020-5234",
            "https://github.com/neuecc/MessagePack-CSharp/issues/810",
            "https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007",
            "https://github.com/aspnet/Announcements/issues/405",
            "https://github.com/advisories/GHSA-7q36-4xx7-xcxf"
          ],
          "uuid": "d6b15e48-4e35-479b-ab3c-01aada872a9a"
        },
        {
          "affected_range": "(,1.9.11),[2.0.0,2.1.90)",
          "affected_versions": "All versions before 1.9.11, all versions starting from 2.0.0 before 2.1.90",
          "cvss_v2": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2021-04-06",
          "description": "MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.",
          "fixed_versions": [
            "1.9.11",
            "2.1.90"
          ],
          "identifier": "CVE-2020-5234",
          "identifiers": [
            "GHSA-7q36-4xx7-xcxf",
            "CVE-2020-5234"
          ],
          "not_impacted": "All versions starting from 1.9.11 before 2.0.0, all versions starting from 2.1.90",
          "package_slug": "nuget/MessagePack.ReactiveProperty",
          "pubdate": "2020-01-31",
          "solution": "Upgrade to versions 1.9.11, 2.1.90 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf",
            "https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02",
            "https://nvd.nist.gov/vuln/detail/CVE-2020-5234",
            "https://github.com/neuecc/MessagePack-CSharp/issues/810",
            "https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007",
            "https://github.com/aspnet/Announcements/issues/405",
            "https://github.com/advisories/GHSA-7q36-4xx7-xcxf"
          ],
          "uuid": "e89788a8-c56c-4d87-a246-013a8679e0da"
        },
        {
          "affected_range": "(,1.9.11),[2.0.0,2.1.90)",
          "affected_versions": "All versions before 1.9.11, all versions starting from 2.0.0 before 2.1.90",
          "cvss_v2": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2021-04-06",
          "description": "MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.",
          "fixed_versions": [
            "1.9.11",
            "2.1.90"
          ],
          "identifier": "CVE-2020-5234",
          "identifiers": [
            "GHSA-7q36-4xx7-xcxf",
            "CVE-2020-5234"
          ],
          "not_impacted": "All versions starting from 1.9.11 before 2.0.0, all versions starting from 2.1.90",
          "package_slug": "nuget/MessagePack.UnityShims",
          "pubdate": "2020-01-31",
          "solution": "Upgrade to versions 1.9.11, 2.1.90 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf",
            "https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02",
            "https://nvd.nist.gov/vuln/detail/CVE-2020-5234",
            "https://github.com/neuecc/MessagePack-CSharp/issues/810",
            "https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007",
            "https://github.com/aspnet/Announcements/issues/405",
            "https://github.com/advisories/GHSA-7q36-4xx7-xcxf"
          ],
          "uuid": "e9002df8-8b95-45eb-b8b9-281d39bce58d"
        },
        {
          "affected_range": "(,1.9.3),[2.0.94],[2.0.110],[2.0.119],[2.0.123],[2.0.204],[2.0.270],[2.0.299],[2.0.323,2.1.80)",
          "affected_versions": "All versions before 1.9.3, version 2.0.94, version 2.0.110, version 2.0.119, version 2.0.123, version 2.0.204, version 2.0.270, version 2.0.299, all versions starting from 2.0.323 before 2.1.80",
          "cvss_v2": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2020-02-24",
          "description": "MessagePack for C# and Unity has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.",
          "fixed_versions": [
            "1.9.11",
            "2.1.90"
          ],
          "identifier": "CVE-2020-5234",
          "identifiers": [
            "CVE-2020-5234",
            "GHSA-7q36-4xx7-xcxf"
          ],
          "not_impacted": "All versions starting from 1.9.3 before 2.0.94, all versions after 2.0.94 before 2.0.110, all versions after 2.0.110 before 2.0.119, all versions after 2.0.119 before 2.0.123, all versions after 2.0.123 before 2.0.204, all versions after 2.0.204 before 2.0.270, all versions after 2.0.270 before 2.0.299, all versions after 2.0.299 before 2.0.323, all versions starting from 2.1.80",
          "package_slug": "nuget/MessagePack",
          "pubdate": "2020-01-31",
          "solution": "Upgrade to versions 1.9.11, 2.1.90 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-5234",
            "https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02",
            "https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf",
            "https://github.com/neuecc/MessagePack-CSharp/issues/810",
            "https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007"
          ],
          "uuid": "ef64082b-c0f8-4040-ac8b-bc1b431a0dd1"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.9.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:messagepack:messagepack:2.0.94:alpha:*:*:*:c\\#:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:messagepack:messagepack:2.0.110:alpha:*:*:*:c\\#:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:messagepack:messagepack:2.0.119:beta:*:*:*:c\\#:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:messagepack:messagepack:2.0.123:beta:*:*:*:c\\#:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:messagepack:messagepack:2.0.204:beta:*:*:*:c\\#:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:messagepack:messagepack:2.0.270:rc:*:*:*:c\\#:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:messagepack:messagepack:2.0.299:rc:*:*:*:c\\#:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1.80",
                "versionStartIncluding": "2.0.323",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-5234"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/neuecc/MessagePack-CSharp/commit/56fa86219d01d0a183babbbbcb34abbdea588a02"
            },
            {
              "name": "https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf"
            },
            {
              "name": "https://github.com/neuecc/MessagePack-CSharp/issues/810",
              "refsource": "MISC",
              "tags": [],
              "url": "https://github.com/neuecc/MessagePack-CSharp/issues/810"
            },
            {
              "name": "https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007",
              "refsource": "MISC",
              "tags": [],
              "url": "https://github.com/neuecc/MessagePack-CSharp/commit/f88684078698386df02204f13faeff098a61f007"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-02-24T23:15Z",
      "publishedDate": "2020-01-31T18:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-5234 (GCVE-0-2020-5234)

FKIE_CVE-2020-5234

GHSA-7Q36-4XX7-XCXF

Impact

Patches

MessagePack 1.x users

MessagePack 2.x users

Workarounds

References

For more information

GSD-2020-5234

Tags

Sightings

Nomenclature