CVE-2026-33524

Exploit

EPSS 0.32%
Veröffentlicht 24.04.2026 18:18:02
Zuletzt bearbeitet 28.04.2026 18:33:01
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Zserio: Integer Overflow in BitStreamReader and Unbounded Memory Allocation in Deserialization

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error (Denial of Service). This vulnerability is fixed in 2.18.1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nds-association ≫ Zserio Version < 2.18.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.236

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-789 Memory Allocation with Excessive Size Value

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

https://github.com/ndsev/zserio/security/advisories/GHSA-cwq5-8pvq-j65j

Vendor Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2026-33524

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33524

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33524

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-33524