CVE-2022-41719 – github.com/shamaton/msgpack/v2

Package

Manager: go
Name: github.com/shamaton/msgpack/v2
Vulnerable Version: >=0 <2.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00099 pctl0.28257

Details

MessagePack for Golang subject to DoS via Unmarshal panic Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. This issue has been patched in version 2.1.1.

Metadata

Created: 2022-11-11T12:00:33Z
Modified: 2022-11-16T00:04:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-jr77-8gx4-h5qh/GHSA-jr77-8gx4-h5qh.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-jr77-8gx4-h5qh
Finding: F067
Auto approve: 1