High severity (7.5) · NVD Advisory · Published Apr 24, 2026 · Updated Apr 28, 2026
CVE-2026-33524
Description
Zserio is a framework for serializing structured data in a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error (Denial of Service). This vulnerability is fixed in 2.18.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.github.ndsev:zserio-runtime (Maven) | < 2.18.1 | 2.18.1 |
References
- github.com/ndsev/zserio/security/advisories/GHSA-cwq5-8pvq-j65j (source: nvd; Exploit, Mitigation, Vendor Advisory; WEB)
- github.com/advisories/GHSA-cwq5-8pvq-j65j (source: ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-33524 (source: ghsa; ADVISORY)
- github.com/ndsev/zserio/commit/a9932de4b5eefb3afd5e18ca2fd758aa744a7c69 (source: ghsa; WEB)