VYPR
Vendor

Msgpack

Products
3
CVEs
2
Across products
3
Status
Private

Products

3

Recent CVEs

2
  • CVE-2026-32284HigMar 26, 2026
    risk 0.49cvss 7.5epss 0.00

    The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data (format codes 0xd4-0xd8). This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack.

  • CVE-2026-21452Jan 2, 2026
    risk 0.00cvss epss 0.01

    MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers…