shamaton/msgpack

Releases25

Frequency3 months 3 weeks

Last Release 16 days ago

Stars179

easier, faster, but extendable MessagePack Serializer for Golang. / msgpack.org[Go]

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-32284 ↗	Mar 26, 2026Thursday, 26 March 2026, 20:16	7.5 HIGH	—
The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data (format codes 0xd4-0xd8). This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack.
CVE-2022-41719 ↗	Nov 10, 2022Thursday, 10 November 2022, 20:15	7.5 HIGH	—
Unmarshal can panic on some inputs, possibly allowing for denial of service attacks.