漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions
Vulnerability Description
MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate T[,], T[,,], or T[,,,] before validating that the dimension product matches the encoded element count. The formatter reads a guarded element array header, but allocation of the target multi-dimensional array happens before the dimensions are checked against that element count. A small payload can therefore declare large dimensions, provide an empty or tiny inner array, and cause a large heap allocation before element data is validated. This vulnerability is fixed in 2.5.301 and 3.1.7.
CVSS Information
N/A
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
MessagePack-CSharp 资源管理错误漏洞
Vulnerability Description
MessagePack-CSharp MessagePack-CSharp是MessagePack-CSharp团队的一款消息序列化工具。 MessagePack-CSharp 2.5.301之前版本和3.1.7之前版本存在资源管理错误漏洞,该漏洞源于多维数组格式化器直接从有效载荷读取维度长度并分配内存,可能导致大数据堆分配。
CVSS Information
N/A
Vulnerability Type
N/A