6.8
CVE-2020-5234
- EPSS 0.58%
- Published 31.01.2020 18:15:11
- Last modified 21.11.2024 05:33:43
- Source security-advisories@github.com
MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to a DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.
Data provided by the National Vulnerability Database (NVD)
- Messagepack ≫ Messagepack, SwPlatform c#, Version < 1.9.3
- Messagepack ≫ Messagepack, SwPlatform c#, Version >= 2.0.323 < 2.1.80
- Messagepack ≫ Messagepack, Version 2.0.94, Update alpha, SwPlatform c#
- Messagepack ≫ Messagepack, Version 2.0.110, Update alpha, SwPlatform c#
- Messagepack ≫ Messagepack, Version 2.0.119, Update beta, SwPlatform c#
- Messagepack ≫ Messagepack, Version 2.0.123, Update beta, SwPlatform c#
- Messagepack ≫ Messagepack, Version 2.0.204, Update beta, SwPlatform c#
- Messagepack ≫ Messagepack, Version 2.0.270, Update rc, SwPlatform c#
- Messagepack ≫ Messagepack, Version 2.0.299, Update rc, SwPlatform c#
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.58% | 0.68 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd@nist.gov | 6.8 | 8 | 6.9 | AV:N/AC:L/Au:S/C:N/I:N/A:C |
| security-advisories@github.com | 4.8 | 1.2 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H |
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.