VYPR

Zserio

by Nds Association

Source repositories

CVEs (2)

  • CVE-2026-33666HigApr 24, 2026
    risk 0.42cvss 7.5epss 0.00

    Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes() / readString(), the setBitPosition() bounds check receives the overflowed value and is completely bypassed. The code then…

  • CVE-2026-33524HigApr 24, 2026
    risk 0.42cvss 7.5epss 0.00

    Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error (Denial of Service). This…