CVE-2020-5234
Description
MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.578
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack.ImmutableCollection 1.9.11 | Windows |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack.ImmutableCollection 2.1.90 | Windows |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack 1.9.11 | Windows |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack 2.1.90 | Windows |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack.ReactiveProperty 1.9.11 | Windows |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack.ReactiveProperty 2.1.90 | Windows |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack.Unity 1.9.11 | Windows |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack.Unity 2.1.90 | Windows |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack.UnityShims 1.9.11 | Windows |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack.UnityShims 2.1.90 | Windows |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack.ImmutableCollection for Linux 1.9.11 | Linux |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack.ImmutableCollection for Linux 2.1.90 | Linux |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack for Linux 1.9.11 | Linux |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack for Linux 2.1.90 | Linux |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack.ReactiveProperty for Linux 1.9.11 | Linux |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack.ReactiveProperty for Linux 2.1.90 | Linux |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack.Unity for Linux 1.9.11 | Linux |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack.Unity for Linux 2.1.90 | Linux |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack.UnityShims for Linux 1.9.11 | Linux |
| Vulnerabilities CVE-2020-5234 are fixed in Nuget - MessagePack.UnityShims for Linux 2.1.90 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234