VYPR

Go modules package

github.com/shamaton/msgpack/v3

pkg:golang/github.com/shamaton/msgpack/v3

Vulnerabilities (1)

  • CVE-2026-32284HigMar 26, 2026
    affected <= 3.1.0

    The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data (format codes 0xd4-0xd8). This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack.