Google Git
Sign in
go/vulndb/refs/heads/master/./data/cve/v5/GO-2026-4513.json
blob: 3c45dad7a4c899727b26d7390716dbc4f548592e [file] [edit]
{
"dataType": "CVE_RECORD",
"dataVersion": "5.0",
"cveMetadata": {
"cveId": "CVE-2026-32284"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc"
},
"title": "Denial of service in github.com/shamaton/msgpack",
"descriptions": [
{
"lang": "en",
"value": "The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data (format codes 0xd4-0xd8). This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack."
}
],
"affected": [
{
"vendor": "github.com/shamaton/msgpack",
"product": "github.com/shamaton/msgpack",
"collectionURL": "https://pkg.go.dev",
"packageName": "github.com/shamaton/msgpack",
"programRoutines": [
{
"name": "Unmarshal"
},
{
"name": "UnmarshalAsMap"
},
{
"name": "UnmarshalAsArray"
},
{
"name": "DecodeStructAsArray"
},
{
"name": "DecodeStructAsMap"
}
],
"defaultStatus": "affected"
},
{
"vendor": "github.com/shamaton/msgpack/v2",
"product": "github.com/shamaton/msgpack/v2",
"collectionURL": "https://pkg.go.dev",
"packageName": "github.com/shamaton/msgpack/v2",
"programRoutines": [
{
"name": "Unmarshal"
},
{
"name": "UnmarshalAsMap"
},
{
"name": "UnmarshalAsArray"
}
],
"defaultStatus": "affected"
},
{
"vendor": "github.com/shamaton/msgpack/v3",
"product": "github.com/shamaton/msgpack/v3",
"collectionURL": "https://pkg.go.dev",
"packageName": "github.com/shamaton/msgpack/v3",
"programRoutines": [
{
"name": "Unmarshal"
},
{
"name": "UnmarshalAsMap"
},
{
"name": "UnmarshalAsArray"
}
],
"defaultStatus": "affected"
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-125: Out-of-bounds Read"
}
]
}
],
"references": [
{
"url": "https://github.com/shamaton/msgpack/issues/59"
},
{
"url": "https://github.com/golang/vulndb/issues/4513"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4513"
}
]
}
}
}