VYPR
High severity7.5NVD Advisory· Published Mar 26, 2026· Updated Jun 3, 2026

CVE-2026-32284

CVE-2026-32284

Description

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data (format codes 0xd4-0xd8). This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/shamaton/msgpack/v2Go
<= 2.4.0
github.com/shamaton/msgpack/v3Go
<= 3.1.0

Affected products

7

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.