MessagePack-CSharp — Vulnerabilities & Security Advisories (13)

All 13 CVE vulnerabilities found in MessagePack-CSharp, with AI-generated Chinese analysis, references, and POCs.

This page catalogs security vulnerabilities associated with the MessagePack-CSharp product, categorized under various weakness types and tagged for easy navigation within the broader software ecosystem. It aggregates a comprehensive list of known security flaws, ranging from data integrity issues and deserialization risks to potential denial-of-service conditions, covering reported incidents from the initial release through recent updates in 2024. By providing a centralized view of these issues, the page allows users to track vendor advisories and patches for MessagePack-CSharp, deepen their understanding of specific weakness classes relevant to serialization libraries, and review the historical pattern of vulnerabilities affecting this specific product over time. This resource is designed to help developers and security professionals assess risk, verify patch status, and understand the evolution of security practices within the MessagePack-CSharp project. The data is sourced from official vendor disclosures, security databases, and community reports, ensuring accuracy and relevance for those relying on this library for high-performance serialization tasks in .NET environments.

Vendor: MessagePack-CSharp

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-48109 | MessagePack-CSharp: LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input | CWE-20 | 8.2 | High | 2026-06-22 |
| CVE-2026-48502 | MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows | CWE-125 | - | - | 2026-06-22 |
| CVE-2026-48506 | MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth | CWE-674 | 7.5 | High | 2026-06-22 |
| CVE-2026-48509 | MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies | CWE-1188 | - | - | 2026-06-22 |
| CVE-2026-48510 | MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths | CWE-409 | - | - | 2026-06-22 |
| CVE-2026-48511 | MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps | CWE-407 | - | - | 2026-06-22 |
| CVE-2026-48512 | MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement | CWE-674 | - | - | 2026-06-22 |
| CVE-2026-48513 | MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement | CWE-674 | - | - | 2026-06-22 |
| CVE-2026-48514 | MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length | CWE-770 | - | - | 2026-06-22 |
| CVE-2026-48515 | MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions | CWE-770 | - | - | 2026-06-22 |
| CVE-2026-48516 | MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings | CWE-407 | - | - | 2026-06-22 |
| CVE-2026-48517 | MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments | CWE-470 | - | - | 2026-06-22 |
| CVE-2024-48924 | MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow | CWE-328 | 7.5 (AI) | High (AI) | 2024-10-17 |

All 13 known CVE vulnerabilities affecting MessagePack-CSharp with full Chinese analysis, references, and POCs where available.