VYPR

Go modules package

github.com/shamaton/msgpack/v2

pkg:golang/github.com/shamaton/msgpack/v2

Vulnerabilities (2)

  • CVE-2026-32284HigMar 26, 2026
    affected <= 2.4.0

    The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data (format codes 0xd4-0xd8). This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack.

  • CVE-2022-41719HigNov 10, 2022
    affected < 2.1.1fixed 2.1.1

    Unmarshal can panic on some inputs, possibly allowing for denial of service attacks.