icon

We found results for “

CVE-2023-52079

Good to know:

icon
icon

Date: December 28, 2023

msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.

Language: JS

Severity Score

Severity Score

Weakness Type (CWE)

Improper Check for Unusual or Exceptional Conditions

CWE-754

Uncontrolled Recursion

CWE-674

Top Fix

icon

Upgrade Version

Upgrade to version msgpackr - 1.10.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us