python · msgpack · Critical
msgpack Python Library: Unpacker Reuse After Error May Cause SEGV (DoS)
A security advisory was published for the msgpack Python library.
What changed
If an Unpacker is reused after it has raised an error, it may crash with a SEGV. When unpacking untrusted input, this can be used for a DoS attack.
Who it affects
Users of the msgpack Python library who reuse an Unpacker after an error occurs, especially when unpacking untrusted input.
What to do today
Upgrade to msgpack v1.2.1 or later, and ensure you create a new Unpacker after an error instead of reusing the old one.
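One way to enforce the "new Unpacker after an error" rule in a streaming reader, as an added example that is not code from the advisory or from the msgpack project. `FreshOnErrorDecoder`, `default_factory` and the 1 MiB buffer limit are assumptions made for illustration; the upgrade above is still required.

```python
"""Added example: discard a msgpack Unpacker as soon as it raises."""


def default_factory():
    # Lazy import so the wrapper itself has no import-time dependency.
    import msgpack
    # max_buffer_size bounds memory used by untrusted input (1 MiB is an assumed limit).
    return msgpack.Unpacker(raw=False, max_buffer_size=1 << 20)


class FreshOnErrorDecoder:
    """Streaming decoder that never touches an Unpacker again after it raised.

    Hypothetical helper, not part of msgpack.
    """

    def __init__(self, factory=default_factory):
        self._factory = factory
        self._unpacker = factory()
        self.resets = 0  # number of Unpackers thrown away after an error

    def feed(self, chunk):
        """Return (objects, error); error is None when the chunk decoded cleanly."""
        objects = []
        try:
            self._unpacker.feed(chunk)
            for obj in self._unpacker:  # stops quietly when more bytes are needed
                objects.append(obj)
        except Exception as exc:
            # The failed Unpacker's internal state is not trustworthy. Drop it,
            # together with any bytes it still buffered, and start clean.
            self._unpacker = self._factory()
            self.resets += 1
            return objects, exc
        return objects, None


if __name__ == "__main__":
    dec = FreshOnErrorDecoder()
    # Constructed input: two valid fixints, one byte the MessagePack spec
    # never assigns (0xc1), then a valid fixint for the fresh Unpacker.
    for chunk in (b"\x01\x02", b"\xc1", b"\x03"):
        objs, err = dec.feed(chunk)
        print(chunk, objs, type(err).__name__ if err else "ok")
    print("unpackers discarded:", dec.resets)
```

On a network stream the message framing is lost once decoding fails, so callers normally close the connection after `feed` returns an error.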