Description
MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This issue has been fixed in version 1.2.1.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Tue, 30 Jun 2026 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This issue has been fixed in version 1.2.1. | |
| Title | MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error | |
| Weaknesses | CWE-416 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-06-30T21:36:23.418Z
Reserved: 2026-06-24T18:49:56.209Z
Link: CVE-2026-57585
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-416
Use After Free