Go modules package
github.com/shamaton/msgpack/v2
pkg:golang/github.com/shamaton/msgpack/v2
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-32284 | Hig | 7.5 | <= 2.4.0 | — | Mar 26, 2026 | The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data (format codes 0xd4-0xd8). This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack. | |
| CVE-2022-41719 | Hig | 7.5 | < 2.1.1 | 2.1.1 | Nov 10, 2022 | Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. |
- affected <= 2.4.0
The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data (format codes 0xd4-0xd8). This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack.
- affected < 2.1.1fixed 2.1.1
Unmarshal can panic on some inputs, possibly allowing for denial of service attacks.