dotnet · MessagePack · Critical
MessagePack: StackOverflow via ReadDateTime with attacker-controlled extension length
What changed
MessagePackReader.ReadDateTime() sizes a stack allocation from the length field of a MessagePack extension header, a value the sender controls. An oversized length exhausts the stack, and the resulting StackOverflowException cannot be caught by managed code, so the host process is terminated. The impact is denial of service: one crafted payload takes down any process that deserializes it.
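How the length field of an extension header can reach a stack allocation, and the check that closes the hole, as an added illustration written for this page. It is not MessagePack-CSharp's own MessagePackReader code: ReadExtHeader, ReadDateTimeUnsafe, ReadDateTimeSafe and DecodeTimestamp are hypothetical names, and the two byte arrays in Main are constructed inputs, not captured payloads. The ext-header encodings and the three timestamp layouts (32, 64 and 96 bit) follow the MessagePack spec.

```csharp
using System;
using System.Buffers.Binary;

// Stand-alone illustration of the flaw class in the advisory. Hypothetical code
// written for this page, NOT MessagePack-CSharp's MessagePackReader.
static class TimestampExtDemo
{
    // msgpack reserves extension type -1 for timestamps; valid payloads are 4, 8 or 12 bytes.
    const sbyte TimestampType = -1;

    // Parses a msgpack ext header (fixext 1/2/4/8/16, ext 8/16/32) and returns the
    // type code and the payload length the *wire* claims. `pos` ends on the first payload byte.
    static (sbyte Type, uint Length) ReadExtHeader(ReadOnlySpan<byte> buf, ref int pos)
    {
        byte code = buf[pos++];
        uint length;
        switch (code)
        {
            case 0xd4: length = 1; break;
            case 0xd5: length = 2; break;
            case 0xd6: length = 4; break;
            case 0xd7: length = 8; break;
            case 0xd8: length = 16; break;
            case 0xc7: length = buf[pos++]; break;
            case 0xc8: length = BinaryPrimitives.ReadUInt16BigEndian(buf.Slice(pos, 2)); pos += 2; break;
            case 0xc9: length = BinaryPrimitives.ReadUInt32BigEndian(buf.Slice(pos, 4)); pos += 4; break;
            default: throw new FormatException($"0x{code:x2} is not an ext header");
        }
        sbyte type = unchecked((sbyte)buf[pos++]);
        return (type, length);
    }

    // Unsafe pattern: the stack buffer is sized by the untrusted length before that
    // length has been checked. An ext32 header claiming 0x7fffffff bytes makes this
    // stackalloc 2 GiB; the StackOverflowException that follows cannot be caught by
    // managed code, so the process dies. Shown for contrast only; Main never calls it.
    static DateTime ReadDateTimeUnsafe(ReadOnlySpan<byte> buf)
    {
        int pos = 0;
        var (type, length) = ReadExtHeader(buf, ref pos);
        if (type != TimestampType) throw new FormatException("ext is not a timestamp");
        Span<byte> payload = stackalloc byte[checked((int)length)]; // attacker-sized
        buf.Slice(pos, payload.Length).CopyTo(payload);
        return DecodeTimestamp(payload);
    }

    // Hardened pattern: reject any length other than the three the timestamp extension
    // permits, and confirm the payload is really present, before touching it. No stack
    // buffer is needed at all; decode straight from the input span.
    static DateTime ReadDateTimeSafe(ReadOnlySpan<byte> buf)
    {
        int pos = 0;
        var (type, length) = ReadExtHeader(buf, ref pos);
        if (type != TimestampType)
            throw new FormatException($"ext type {type} is not a timestamp");
        if (length != 4 && length != 8 && length != 12)
            throw new FormatException($"timestamp ext length {length} is not 4, 8 or 12");
        if (buf.Length - pos < (int)length)
            throw new FormatException("truncated timestamp payload");
        return DecodeTimestamp(buf.Slice(pos, (int)length));
    }

    // Decodes timestamp 32 / 64 / 96 as laid out in the msgpack timestamp extension spec.
    static DateTime DecodeTimestamp(ReadOnlySpan<byte> data)
    {
        long seconds;
        long nanos;
        switch (data.Length)
        {
            case 4: // uint32 seconds
                seconds = BinaryPrimitives.ReadUInt32BigEndian(data);
                nanos = 0;
                break;
            case 8: // nanoseconds in the upper 30 bits, seconds in the lower 34 bits
            {
                ulong packed = BinaryPrimitives.ReadUInt64BigEndian(data);
                nanos = (long)(packed >> 34);
                seconds = (long)(packed & 0x3_FFFF_FFFFUL);
                break;
            }
            case 12: // uint32 nanoseconds followed by int64 seconds
                nanos = BinaryPrimitives.ReadUInt32BigEndian(data);
                seconds = BinaryPrimitives.ReadInt64BigEndian(data.Slice(4));
                break;
            default:
                throw new FormatException($"unsupported timestamp length {data.Length}");
        }
        if (nanos > 999_999_999)
            throw new FormatException("nanoseconds field out of range");
        // DateTime ticks are 100 ns; AddSeconds throws a catchable exception if out of range.
        return DateTime.UnixEpoch.AddSeconds(seconds).AddTicks(nanos / 100);
    }

    static void Main()
    {
        // Constructed inputs for this demo.
        // Well-formed timestamp 32: fixext 4, type -1, 0x60000000 seconds since the epoch.
        byte[] good = { 0xd6, 0xff, 0x60, 0x00, 0x00, 0x00 };
        Console.WriteLine(ReadDateTimeSafe(good).ToString("o"));

        // Hostile ext32 header claiming a 0x7fffffff-byte timestamp with no payload behind it.
        // ReadDateTimeUnsafe would stackalloc 2 GiB here; ReadDateTimeSafe rejects the header.
        byte[] hostile = { 0xc9, 0x7f, 0xff, 0xff, 0xff, 0xff };
        try
        {
            ReadDateTimeSafe(hostile);
        }
        catch (FormatException e)
        {
            Console.WriteLine("rejected: " + e.Message);
        }
    }
}
```

The point of the hardened version is ordering: every decision about how much memory to touch is made from a validated length, and a bad length surfaces as an ordinary exception the caller can catch, rather than as a StackOverflowException that ends the process. For a timestamp the valid set is small enough to enumerate; for extension types with variable payloads the equivalent check is a fixed upper bound plus a comparison against the bytes actually remaining in the input.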
Who it affects
Applications that use the MessagePack library to deserialize untrusted payloads into types with DateTime or DateTimeOffset members; those members are the path by which a crafted extension header reaches ReadDateTime().
What to do today
Upgrade MessagePack to the patched version for your release line as soon as it is available. Until then, do not deserialize untrusted MessagePack payloads into schemas that contain DateTime or DateTimeOffset members; one crafted extension header reaching ReadDateTime() is enough to take the process down, and the failure cannot be caught.