Update dependency MessagePack to 3.1.7 [SECURITY]#68
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.1.4→3.1.7MessagePack's LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input
CVE-2026-48109 / GHSA-hv8m-jj95-wg3x
More information
Details
Impact
A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes
Lz4BlockandLz4BlockArray.The decoder implementation is based on a deprecated fast-decompression algorithm that does not take a source-length bound. A remote attacker can send a crafted MessagePack payload with manipulated LZ4 token/length fields to force out-of-bounds reads from the compressed input buffer. In affected environments, this can trigger an
AccessViolationExceptionduring decompression, causing process termination (denial of service). Under some conditions, limited unintended memory disclosure from over-read data may also be possible before failure.This issue affects applications that deserialize untrusted data while LZ4 compression is enabled.
Patches
The v2 versions are patched as of 2.5.301.
The v3 versions are patched as of 3.1.7.
Workarounds
Instead of upgrading, an application may take the following precautions:
Lz4Block,Lz4BlockArray).Resources
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows
CVE-2026-48502 / GHSA-382j-8mxh-c7x2
More information
Details
Summary
MessagePackReader.ReadDateTime()can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computedtokenSizeincludes the extension body length from the wire and is used in astackallocoperation before the extension length is validated as one of the valid timestamp sizes.A very small payload can claim a large timestamp extension body and cause a stack allocation large enough to trigger an uncatchable
StackOverflowException, terminating the host process.Impact
Applications are affected when they deserialize untrusted payloads into types containing
DateTimevalues. This path is available through the standard formatter set and does not require opting into typeless serialization, LZ4 compression, Unity-specific resolvers, or other specialized features.MessagePackSecurity.UntrustedDataandMaximumObjectGraphDepthdo not mitigate this issue because the crash is caused by a single-frame stack allocation, not by object graph recursion.An attacker can send a MessagePack timestamp extension header with an oversized body length and insufficient body bytes. The reader enters the slow path, attempts to stack-allocate a buffer sized from that declared length, and can terminate the process before a catchable serialization exception is thrown.
Affected components
MessagePackMessagePackReader.ReadDateTimeDateTimeand formatter paths that callReadDateTimeMESSAGEPACKCSHARP-020, related stack allocation findingMESSAGEPACKCSHARP-CROW-MEM-001Patches
Fixes are prepared and will be released in coordinated patch versions.
Upgrade guidance:
MessagePackto the patched version for your release line.The fix should validate timestamp extension lengths before any stack allocation. Valid MessagePack timestamp payload lengths are limited to the supported timestamp encodings, so oversized extension lengths should fail with a catchable MessagePack serialization exception before the slow path allocates a buffer.
Workarounds
Patching is recommended.
Until a patched version is available, avoid deserializing untrusted MessagePack payloads into schemas that contain
DateTimeorDateTimeOffsetvalues. Where possible, enforce strict maximum message sizes and reject malformed extension payloads before they reach MessagePack-CSharp.There is no complete workaround for applications that must deserialize attacker-controlled MessagePack data containing date/time fields with affected versions.
Resources
MESSAGEPACKCSHARP-020:ReadDateTimestack allocation from attacker-controlled extension lengthMESSAGEPACKCSHARP-CROW-MEM-001: related attacker-controlled stack allocation finding inMessagePackReaderCVE split rationale
This vulnerability is independently fixable in the DateTime extension parsing path by validating extension lengths before stack allocation. It is separate from recursive stack overflows, LZ4 issues, and collection allocation bugs.
Severity
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth
CVE-2026-48506 / GHSA-vh6j-jc39-fggf
More information
Details
Summary
MessagePackReader.TrySkip()recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypassesMessagePackSecurity.MaximumObjectGraphDepth, the library's documented protection against deeply nested object graphs.Many generated and dynamic formatters call
reader.Skip()when they encounter unknown map keys, unknown array members, ignored fields, or data that should be skipped for forward compatibility. A deeply nested value in one of these skipped positions can therefore cause unbounded recursion and an uncatchableStackOverflowException.Impact
Applications that deserialize untrusted MessagePack payloads are affected when a formatter skips attacker-controlled values. This is a broad deserialization path and can be reached during normal object deserialization when an input includes an unknown member or extra value.
The attacker does not need to target a special resolver or compression mode. A payload containing many nested single-element arrays or maps in a skipped location can exhaust the process stack. Because
StackOverflowExceptionis not catchable in normal .NET execution, this terminates the host process and can deny service to other users of the same process.MessagePackSecurity.UntrustedDatadoes not mitigate this issue because the skip path does not participate in depth accounting.Affected components
MessagePackMessagePackReader.Skip,MessagePackReader.TrySkip, and formatter paths that skip unknown or ignored valuesMESSAGEPACKCSHARP-021, duplicate/open variantMESSAGEPACKCSHARP-OPEN-001Patches
Fixes are prepared and will be released in coordinated patch versions.
Upgrade guidance:
MessagePackto the patched version for your release line.The fix should either make skip traversal iterative or apply the existing depth accounting to arrays and maps encountered by
TrySkip(). Any exceeded depth limit should result in a catchable serialization exception instead of process stack exhaustion.Workarounds
Patching is recommended.
There is no complete workaround for applications that deserialize untrusted MessagePack payloads with affected versions. Reducing accepted message sizes can raise the cost of exploitation but does not remove the recursive skip behavior. Strict schema validation outside MessagePack-CSharp may help only if it rejects unknown or skipped fields before the serializer sees them.
Resources
MESSAGEPACKCSHARP-021: unbounded recursion inTrySkip()MESSAGEPACKCSHARP-OPEN-001: duplicate/open finding for the same root causeCVE split rationale
This vulnerability is independently fixable in the skip traversal implementation. It should be tracked separately from formatter-specific missing depth checks, JSON conversion recursion, and non-recursion allocation bugs.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies
CVE-2026-48509 / GHSA-2f33-pr97-265q
More information
Details
Summary
The parameterless
MessagePackInputFormatter()constructor uses default serializer options, which resolve toMessagePackSerializerOptions.StandardwithMessagePackSecurity.TrustedData. The formatter is designed for ASP.NET Core MVC request bodies, which commonly cross an HTTP trust boundary.This insecure default can expose applications to denial-of-service attacks that
MessagePackSecurity.UntrustedDatais intended to mitigate, such as hash-collision attacks against dictionary-like model properties.Impact
Applications are affected when they register
new MessagePackInputFormatter()without explicitly passing serializer options configured for untrusted data.An unauthenticated or otherwise untrusted HTTP client can send MessagePack request bodies that are deserialized using the trusted-data posture. For models containing hash-based collections, this can enable algorithmic complexity attacks using colliding keys. The default constructor makes the unsafe posture easy to use at the exact boundary where request bodies should be treated as untrusted.
Affected components
MessagePack.AspNetCoreMvcFormatterMessagePackInputFormatter()parameterless constructorMESSAGEPACKCSHARP-OPEN-009, duplicateMESSAGEPACKCSHARP-095Patches
Fixes are prepared and will be released in coordinated patch versions.
Upgrade guidance:
MessagePack.AspNetCoreMvcFormatterto the patched version for your release line.The fix should default the parameterless constructor to
MessagePackSerializerOptions.Standard.WithSecurity(MessagePackSecurity.UntrustedData), or require callers to pass explicit options so the trust posture is deliberate.Workarounds
Do not use the parameterless constructor on affected versions. Register the formatter with explicit untrusted-data options, for example:
Also apply normal HTTP request-size limits and model validation appropriate for your service.
Resources
MESSAGEPACKCSHARP-OPEN-009: MVC input formatter defaults to trusted-data security postureMESSAGEPACKCSHARP-095: duplicate finding for the same root causeSeverity
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths
CVE-2026-48510 / GHSA-v72x-2h86-7f8m
More information
Details
Summary
When MessagePack-CSharp decompresses
Lz4BlockorLz4BlockArraypayloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed data is valid or that the declared expansion is reasonable.A small payload can claim a very large uncompressed length and force a large allocation before LZ4 decoding begins.
Impact
Applications are affected when they deserialize attacker-controlled MessagePack payloads with
MessagePackCompression.Lz4BlockorMessagePackCompression.Lz4BlockArrayenabled.In the
Lz4Blockcase, an attacker-controlled integer is used to request the destination span. In theLz4BlockArraycase, per-block uncompressed lengths and their aggregate can be attacker-controlled. Without a cap, the declared output size can be disproportionate to the input size, producing out-of-memory exceptions, process termination on constrained hosts, or severe memory pressure.This advisory is about unbounded allocation from declared decompressed sizes. It is separate from the LZ4 source-buffer over-read issue, which concerns unsafe decoder reads beyond the compressed input buffer.
Affected components
MessagePackMessagePackSerializerwithWithCompression(MessagePackCompression.Lz4Block)orWithCompression(MessagePackCompression.Lz4BlockArray)MessagePackSerializer.TryDecompressMESSAGEPACKCSHARP-OPEN-004Patches
Fixes are prepared and will be released in coordinated patch versions.
Upgrade guidance:
MessagePackto the patched version for your release line.The fix should reject negative and excessive uncompressed lengths before allocation. It should also cap aggregate decompressed size for block arrays and expose or honor an appropriate maximum decompressed length policy.
Workarounds
Patching is recommended.
Until a patched version is available, do not enable MessagePack-CSharp's built-in LZ4 compression modes for untrusted inputs. If compression is required, enforce strict compressed and decompressed size limits outside MessagePack-CSharp before deserialization.
Resources
MESSAGEPACKCSHARP-OPEN-004: LZ4 decompression allocation from unbounded uncompressed lengthMESSAGEPACKCSHARP-011: duplicate decompression-bomb findingSeverity
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps
CVE-2026-48511 / GHSA-2x83-8g95-xh59
More information
Details
Summary
ExpandoObjectFormatter.DeserializepopulatesSystem.Dynamic.ExpandoObjectby callingIDictionary<string, object>.Addfor each map entry.ExpandoObjectinternally maintains member names in array-like structures, so inserting many distinct keys can require repeated linear scans and array copies.For large attacker-controlled maps, this produces quadratic CPU and allocation behavior. The issue is especially surprising because
ExpandoObjectResolver.Optionsis configured withMessagePackSecurity.UntrustedData, but collision-resistant dictionary comparers cannot protectExpandoObjectinsertion internals.Impact
Applications are affected when they deserialize untrusted MessagePack maps into
ExpandoObjectusingExpandoObjectResolveror related resolver options.A hostile payload containing many distinct keys can cause CPU exhaustion and allocation churn disproportionate to the input size. This can make a server unresponsive or exhaust memory under concurrent request load.
This is not a hash-collision attack against a configurable dictionary comparer. The super-linear behavior comes from
ExpandoObject's insertion model, soMessagePackSecurity.UntrustedDatadoes not eliminate the cost.Affected components
MessagePackExpandoObjectFormatter.Deserialize,ExpandoObjectResolverSystem.Dynamic.ExpandoObjectMESSAGEPACKCSHARP-102Patches
Fixes are prepared and will be released in coordinated patch versions.
Upgrade guidance:
MessagePackto the patched version for your release line.Potential fixes include applying a map-entry count limit for
ExpandoObjectunder untrusted-data settings, buffering into a security-aware dictionary before materializing a boundedExpandoObject, or otherwise rejecting maps large enough to trigger quadratic behavior.Workarounds
Patching is recommended.
Until a patched version is available, avoid deserializing untrusted payloads into
ExpandoObject. Prefer strongly typed DTOs or dictionaries with security-aware comparers and explicit count limits. Enforce request-size and map-entry limits at the transport or application layer.Resources
MESSAGEPACKCSHARP-102:ExpandoObjectFormatterquadratic insertion behaviorSeverity
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement
CVE-2026-48512 / GHSA-cj9g-3mj2-g8vv
More information
Details
Summary
MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack deserialization.
Three related issues are covered by this advisory:
MessagePackSerializer.ConvertFromJsonrecursively processes nested JSON arrays and objects inFromJsonCore()without consultingMessagePackSecurity.MaximumObjectGraphDepth.TinyJsonReader.ReadNextToken()recursively consumes comma and colon separator characters, allowing even malformed JSON with long separator runs to consume one stack frame per character.MessagePackSerializer.ConvertToJsonapplies depth checks to arrays and maps, but the typeless extension branch for ext-100 recursively callsToJsonCore()without applyingMessagePackSecurity.DepthStep(ref reader).Each path can allow attacker-controlled input to exhaust the process stack and trigger an uncatchable
StackOverflowExceptioninstead of failing with a catchable parse or serialization exception.Impact
Applications are affected when they call MessagePack-CSharp JSON conversion APIs on attacker-controlled data. This includes gateways, diagnostics endpoints, migration tools, logging paths, and services that convert between external JSON and MessagePack payloads.
For JSON-to-MessagePack conversion, deeply nested JSON arrays or objects can recurse through
FromJsonCore()without applying the configured object graph depth limit. Separately, long runs of comma or colon separator characters can recurse throughTinyJsonReader.ReadNextToken()before normal structural validation rejects the input.For MessagePack-to-JSON conversion, nested typeless extension wrappers can recurse through
ToJsonCore()without the depth guard that the same function applies to arrays and maps.MessagePackSecurity.UntrustedDatadoes not fully mitigate these conversion paths because the missing checks occur inside JSON conversion and tokenization branches that do not consistently use the configured depth policy.Affected components
MessagePackMessagePackSerializer.ConvertFromJson,MessagePackSerializer.ConvertToJsonFromJsonCore,ToJsonCore,TinyJsonReader.ReadNextTokenMESSAGEPACKCSHARP-090,MESSAGEPACKCSHARP-091,MESSAGEPACKCSHARP-092Patches
Fixes are prepared and will be released in coordinated patch versions.
Upgrade guidance:
MessagePackto the patched version for your release line.The JSON-to-MessagePack fix should add explicit JSON nesting-depth accounting to
FromJsonCore, using the configured maximum object graph depth or an equivalent limit, or rewrite the conversion to use an iterative bounded stack.The tokenizer fix should replace separator self-recursion in
TinyJsonReader.ReadNextToken()with an iterative loop so consecutive commas, colons, and whitespace do not consume stack frames.The MessagePack-to-JSON fix should apply
DepthStepand matchingreader.Depth--cleanup around recursiveToJsonCore()calls made from the typeless extension branch, consistent with the existing array and map conversion branches.Workarounds
Patching is recommended.
Until a patched version is available, do not pass untrusted JSON directly to
ConvertFromJson, and do not callConvertToJsonon untrusted MessagePack payloads that may contain typeless extension values. Validate JSON nesting depth with a parser that enforces depth limits before calling MessagePack-CSharp, reject malformed JSON before conversion, and apply strict input-size limits.Input-size limits reduce exposure but do not remove the recursive behavior in affected versions.
References
MESSAGEPACKCSHARP-090:ConvertFromJsonunbounded structural recursionMESSAGEPACKCSHARP-091:TinyJsonReader.ReadNextTokenseparator self-recursionMESSAGEPACKCSHARP-092:ConvertToJsonext-100 branch missing depth enforcementCVE split rationale
These issues are grouped because they affect the same JSON conversion feature area and share the same failure mode: recursive conversion/tokenization paths do not consistently enforce depth or iteration bounds for attacker-controlled input. They are distinct from normal binary MessagePack skip recursion, dynamic union formatter depth accounting, DateTime stack allocation, and allocation-oriented denial-of-service issues.
Severity
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement
CVE-2026-48513 / GHSA-wfr3-xj75-pfwh
More information
Details
Summary
Runtime-generated union deserializers emitted by
DynamicUnionResolverdo not callMessagePackSecurity.DepthStep(ref reader)and do not decrementreader.Deptharound recursive deserialization and skip paths.This means union deserialization does not consistently participate in the maximum object graph depth enforcement that protects other recursive formatter paths. For unknown union keys, the emitted deserializer calls
reader.Skip()on attacker-controlled data without an enclosing depth step.Impact
Applications are affected when they deserialize untrusted payloads into object graphs containing
[Union]-decorated interfaces or abstract classes handled byDynamicUnionResolver.An attacker can provide a union payload with an unknown key and a deeply nested value. Because the generated union formatter does not enter the depth accounting scope before skipping or recursively processing the value, configured depth limits can be bypassed. In combination with recursive skip behavior, this can terminate the process with an uncatchable
StackOverflowException.This issue is narrower than the general
TrySkip()recursion issue because it specifically concerns a formatter-generation path that fails to count union nesting. It remains independently fixable because the emitted IL should mirror the depth-step behavior used by source-generated union formatters and dynamic object formatters.Affected components
MessagePackDynamicUnionResolver.BuildDeserialize[Union]-decorated interface and abstract class hierarchies handled by the dynamic resolverMESSAGEPACKCSHARP-070Patches
Fixes are prepared and will be released in coordinated patch versions.
Upgrade guidance:
MessagePackto the patched version for your release line.The fix should emit
DepthStepand matchingreader.Depth--cleanup in dynamic union deserializers, consistent with other recursive formatter implementations.Workarounds
Patching is recommended.
Until a patched version is available, avoid deserializing untrusted payloads into dynamically resolved
[Union]types. Prefer source-generated formatters that include depth checks, where applicable, and enforce outer message-size and schema constraints.Resources
MESSAGEPACKCSHARP-070: dynamic union deserializer missing depth-step enforcementSeverity
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length
CVE-2026-48514 / GHSA-w567-gjr2-hm5j
More information
Details
Summary
UnsafeBlitFormatterBase<T>.Deserializereads an attacker-controlledbyteLengthfrom an extension payload and allocates an array based on that value before validating it against the extension header length or remaining payload bytes.The outer extension header is bounded by available input, but that bound is not used to constrain the inner
byteLengthbefore allocation. A very small payload can therefore request a very largeT[]allocation.Impact
Applications are affected when they deserialize untrusted payloads using Unity blit resolvers such as
UnityBlitResolverorUnityBlitWithPrimitiveArrayResolver.This is especially relevant to Unity multiplayer clients or servers that use MessagePack-CSharp for networked values such as vectors, matrices, or primitive arrays. A hostile peer can send an extension payload with a large declared byte length and cause an out-of-memory exception or process termination on memory-constrained platforms.
The resolver is opt-in, but the vulnerable value is pure wire input and the allocation happens before the formatter verifies that the declared bytes are actually present in the extension body.
Affected components
MessagePack.UnityClientUnityBlitResolver,UnityBlitWithPrimitiveArrayResolverUnsafeBlitFormatterBase<T>.DeserializeMESSAGEPACKCSHARP-080, duplicate/open variantMESSAGEPACKCSHARP-OPEN-010Patches
Fixes are prepared and will be released in coordinated patch versions.
Upgrade guidance:
MessagePack.UnityClientto the patched version for your release line.The fix should validate
byteLengthbefore allocation. It should reject negative lengths, lengths greater than the extension body length after metadata, and lengths that are not a valid multiple of the element size.Workarounds
Patching is recommended.
Until a patched version is available, do not use Unity blit resolvers on data received from untrusted peers. Use safer resolvers or explicitly validate and size-limit messages before deserialization.
Resources
MESSAGEPACKCSHARP-080: unsafe blit formatter allocation from unbounded byte lengthMESSAGEPACKCSHARP-OPEN-010: duplicate/open finding for the same root causeSeverity
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions
CVE-2026-48515 / GHSA-cxmj-83gh-fp49
More information
Details
Summary
MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate
T[,],T[,,], orT[,,,]before validating that the dimension product matches the encoded element count.The formatter reads a guarded element array header, but allocation of the target multi-dimensional array happens before the dimensions are checked against that element count. A small payload can therefore declare large dimensions, provide an empty or tiny inner array, and cause a large heap allocation before element data is validated.
Impact
Applications are affected when they deserialize untrusted MessagePack payloads into models containing multi-dimensional arrays such as
T[,],T[,,], orT[,,,].An attacker can encode large dimension integers and a small guarded element array. The formatter allocates the target array from the dimensions before confirming that the product of dimensions is consistent with the element count.
The result can be out-of-memory exceptions, container termination on memory-constrained hosts, large object heap pressure, or severe CPU cost from zero-initializing oversized arrays.
MessagePackSecurity.UntrustedDatadoes not provide a general allocation cap for this path.Affected components
MessagePackTwoDimensionalArrayFormatter<T>.Deserialize,ThreeDimensionalArrayFormatter<T>.Deserialize,FourDimensionalArrayFormatter<T>.DeserializeT[,],T[,,], andT[,,,]MESSAGEPACKCSHARP-040, duplicate/open variantMESSAGEPACKCSHARP-OPEN-003Patches
Fixes are prepared and will be released in coordinated patch versions.
Upgrade guidance:
MessagePackto the patched version for your release line.The fix should validate dimensions before allocation. Dimension values should be non-negative, their checked product should match the encoded element count, and the product should be bounded by the available payload and any configured security limits before
new T[...]is executed.Workarounds
Patching is recommended.
Until a patched version is available, avoid deserializing untrusted payloads into schemas containing multi-dimensional arrays. Prefer schema shapes that can be validated before allocation, such as bounded lists, dictionaries with application-level count limits, or jagged arrays with application-level limits.
Message-size limits reduce the blast radius but do not fully address allocation amplification where a small payload can encode disproportionate array dimensions.
Resources
MESSAGEPACKCSHARP-040: unchecked multi-dimensional array dimensionsMESSAGEPACKCSHARP-OPEN-003: duplicate/open finding for the multi-dimensional array issueSeverity
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings
CVE-2026-48516 / GHSA-q2h6-ghwm-5qm8
More information
Details
Summary
InterfaceLookupFormatter<TKey,TElement>constructs an internalDictionary<TKey, IGrouping<TKey,TElement>>with the default equality comparer instead of the security-aware comparer supplied byoptions.Security.GetEqualityComparer<TKey>().Other hash-based collection formatters use the security-aware comparer when
MessagePackSecurity.UntrustedDatais configured. This formatter omission allows hash-collision CPU denial of service againstILookup<TKey,TElement>even when the application has opted into the untrusted-data security posture.Impact
Applications are affected when they deserialize untrusted payloads into schemas containing
ILookup<TKey,TElement>with a key type for which attacker-controlled hash collisions are feasible.Under the default comparer, many colliding keys can degrade dictionary insertion from amortized constant time to quadratic behavior. A payload of colliding keys can consume CPU for a disproportionate amount of time. This bypasses the mitigation that developers intentionally enabled by using
MessagePackSecurity.UntrustedData.Affected components
MessagePackInterfaceLookupFormatter<TKey,TElement>.CreateILookup<TKey,TElement>MESSAGEPACKCSHARP-041Patches
Fixes are prepared and will be released in coordinated patch versions.
Upgrade guidance:
MessagePackto the patched version for your release line.The fix should create the internal dictionary with
options.Security.GetEqualityComparer<TKey>(), matching the sibling dictionary and lookup formatter behavior.Workarounds
Patching is recommended.
Until a patched version is available, avoid exposing
ILookup<TKey,TElement>in DTOs that deserialize untrusted data. Use collection shapes that are already protected by the security-aware comparer path, or validate and cap collection sizes at the transport boundary.Resources
MESSAGEPACKCSHARP-041:InterfaceLookupFormattermissing security comparerSeverity
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments
CVE-2026-48517 / GHSA-qhmf-xw27-6rqr
More information
Details
Summary
MessagePack-CSharp's typeless deserialization includes
MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowed(Type)as a safety check for dangerous types. The default implementation checks the outer type name, but it does not recursively inspect array element types or generic type arguments.As a result, a type that would be blocked directly can be wrapped inside an array or constructed generic type and pass the outer type check. The formatter machinery can then materialize formatters for the inner blocked type.
Impact
Applications are affected when they deserialize untrusted payloads using typeless serialization features such as
MessagePackSerializer.Typeless,TypelessObjectResolver, or related typeless resolver options.Typeless deserialization is already a high-risk feature for untrusted data, but the presence of a disallowed-type hook creates an expectation that blocked types remain blocked. This issue weakens that mitigation because the check is not applied structurally to nested type components. An attacker who can supply typeless ext-100 payloads may bypass exact outer-type blocklist checks by naming wrapper types such as arrays or generic containers.
The consequence depends on which type is reached and what the application allows typeless deserialization to instantiate. The original findings describe bypasses involving blocked or user-blocklisted gadget types.
Affected components
MessagePackMessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowed,TypelessFormatterMESSAGEPACKCSHARP-030, duplicate/open variantMESSAGEPACKCSHARP-OPEN-007Patches
Fixes are available via versions 2.5.301 and 3.1.7.
Upgrade guidance:
MessagePackto the patched version for your release line.The fix should apply type-disallow checks recursively to array element types, pointer/byref element types where applicable, nullable underlying types, and constructed generic type arguments. Formatter paths that materialize types supplied by the wire should not instantiate inner types that fail the configured policy.
Workarounds
Patching is recommended.
Avoid typeless deserialization for untrusted data. If typeless support is unavoidable, configure an explicit allowlist that rejects any type not approved by the application and ensure the allowlist recursively validates array elements and generic arguments. Do not rely on exact outer-type blocklists as a complete security boundary.
Resources
MESSAGEPACKCSHARP-030: typeless disallowed-type check is not recursiveMESSAGEPACKCSHARP-OPEN-007: duplicate/open finding for typeless blocklist gapsCVE split rationale
This vulnerability is independently fixable in typeless type-policy enforcement. It is separate from MVC default options, collection allocation, LZ4 decoding, and recursion-depth issues.
Severity
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
MessagePack-CSharp/MessagePack-CSharp (MessagePack)
v3.1.7What's Changed
scopedtoMessagePackWriter.Write(ReadOnlySpan<T>)methods by @AArnott in #2271Security release details
This release fixes 3 high severity and 9 moderate severity security vulnerabilities.
High severity advisory fixes
26d4e74GHSA-382j-8mxh-c7x2 Reject invalid DateTime ext lengths for CWE-789b9cb605GHSA-vh6j-jc39-fggf Use iteration for skipping msgpack structures for CWE-674719e690GHSA-hv8m-jj95-wg3x Bound LZ4 input reads for CWE-125Moderage severity advisory fixes
2b5a500GHSA-v72x-2h86-7f8m Guard LZ4 decompression length for CWE-409f093bdcGHSA-qhmf-xw27-6rqr Reject nested typeless blocklist bypass for CWE-502f077798GHSA-2f33-pr97-265q Default MVC input formatter to UntrustedData for CWE-118825a3493GHSA-2x83-8g95-xh59 Limit untrusted ExpandoObject maps for CWE-407b414e6dGHSA-wfr3-xj75-pfwh Guard dynamic union depth for CWE-6740555f07GHSA-w567-gjr2-hm5j Validate Unity blit lengths for CWE-7899b5783aGHSA-cxmj-83gh-fp49 Fix CWE-789 multidimensional array allocation validationf96fcf0GHSA-q2h6-ghwm-5qm8 Use secure lookup comparer for CWE-407b3af7cfGHSA-cj9g-3mj2-g8vv Guard JSON conversion depth for CWE-67466ad089GHSA-cj9g-3mj2-g8vv Avoid JSON separator recursion for CWE-674082ba7dGHSA-cj9g-3mj2-g8vv Guard typeless JSON depth for CWE-674Fixes with no security advisory
fb0fe9fHonor TypeFormatter options hooks for CWE-470c1c06a6Fix WriteRawX methods to advance by written length46c6a0fFix CWE-190 map header length overflowFull Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.6...v3.1.7
v3.1.6What's Changed
Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.5...v3.1.6
v3.1.5What's Changed
Fix Incorrect DateTimeOffset Serializer by @T0PP1ng in #2225New Contributors
Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.4...v3.1.5
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.