MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation
Affected Components: org.msgpack.core.MessageUnpacker.readPayload() org.msgpack.core.MessageUnpacker.unpackValue() org.msgpack.value.ExtensionValue.getData() A denial-of-service vulnerability exists in MessagePack for Java when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later trusts the declared EXT payload length when materializing the extension data. When ExtensionValue.getData() is invoked, the library attempts to allocate a byte array of the declared length without enforcing any upper bound. A malicious .msgpack file of only …