MessagePack-CSharp Memory Exhaustion via Multi-Dimensional Array Formatters
What changed
MessagePack-CSharp's multi-dimensional array formatters allocate arrays based on attacker-controlled dimensions before validating that the product of dimensions matches the encoded element count, enabling memory exhaustion via small payloads.
Who it affects
Applications deserializing untrusted MessagePack payloads into models containing multi-dimensional arrays (T[,], T[,,], T[,,,]).
What to do today
Upgrade MessagePack to the patched version once released; until then, avoid deserializing untrusted payloads into schemas with multi-dimensional arrays.
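To make the defect concrete, here is an added Python sketch of a 2-D array decoder that performs the missing check before allocating; it is example code, not MessagePack-CSharp's. It assumes the wire layout MessagePack-CSharp uses for T[,] (a 3-element array holding dim0, dim1 and then a flat array of the elements); the payloads and the allocation budget are constructed for the example.

```python
import struct

def _read_uint(buf, pos):
    """Parse a positive fixint or uint8/16/32 at pos -> (value, next_pos)."""
    if buf[pos] < 0x80:
        return buf[pos], pos + 1
    fmt = {0xCC: ">B", 0xCD: ">H", 0xCE: ">I"}.get(buf[pos])
    if fmt is None:
        raise ValueError(f"unsupported integer type 0x{buf[pos]:02x}")
    return struct.unpack_from(fmt, buf, pos + 1)[0], pos + 1 + struct.calcsize(fmt)

def _read_array_header(buf, pos):
    """Parse a fixarray (0x90..0x9F), array16 (0xDC) or array32 (0xDD) header -> (length, next_pos)."""
    if 0x90 <= buf[pos] <= 0x9F:
        return buf[pos] & 0x0F, pos + 1
    fmt = {0xDC: ">H", 0xDD: ">I"}.get(buf[pos])
    if fmt is None:
        raise ValueError(f"expected array header, got type 0x{buf[pos]:02x}")
    return struct.unpack_from(fmt, buf, pos + 1)[0], pos + 1 + struct.calcsize(fmt)

def shape_error(dim0, dim1, count, available, max_elements=1_000_000):
    """Reason a declared shape must be rejected, or None; max_elements is an assumed budget."""
    if dim0 * dim1 != count:  # Python ints do not overflow; a C# port must use checked math
        return "dimension product does not match element count"
    if count > max_elements or available < count:  # need at least one byte per element
        return "declared size exceeds budget or payload"
    return None

def decode_2d(buf):
    """Decode [dim0, dim1, [elements...]] into nested lists, validating before allocating."""
    n, pos = _read_array_header(buf, 0)
    if n != 3:
        raise ValueError("2-D array envelope must have exactly 3 members")
    dim0, pos = _read_uint(buf, pos)
    dim1, pos = _read_uint(buf, pos)
    count, pos = _read_array_header(buf, pos)
    # The vulnerable order allocates new T[dim0, dim1] right here; check the shape first.
    reason = shape_error(dim0, dim1, count, len(buf) - pos)
    if reason is not None:
        raise ValueError(reason)
    rows = [[0] * dim1 for _ in range(dim0)]  # the only allocation, now bounded by the checks
    for r in range(dim0):
        for c in range(dim1):
            rows[r][c], pos = _read_uint(buf, pos)
    return rows

# Constructed payloads: a valid 2x3 array, then 12 bytes declaring a 4294967295 x 4294967295 array
GOOD_PAYLOAD = bytes([0x93, 0x02, 0x03, 0x96, 1, 2, 3, 4, 5, 6])
HUGE_DIMS_PAYLOAD = bytes([0x93, 0xCE, 0xFF, 0xFF, 0xFF, 0xFF, 0xCE, 0xFF, 0xFF, 0xFF, 0xFF, 0x90])
```

In a .NET port the product of the dimensions must be computed with checked arithmetic or a 64-bit intermediate, since two 32-bit lengths can overflow a 32-bit product.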