CVE-2023-52079

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 28, 2023

Updated: Jan 4, 2024

CWE ID 754

CWE ID 674

Summary

CVE-2023-52079 affects msgpackr, a MessagePack implementation used in NodeJS and JavaScript. This vulnerability, which was addressed in version 1.10.1, allows users to trigger stuck threads by providing crafted MessagePack messages. The issue arises during message decoding and can result in a decoder that becomes stuck in a loop. To mitigate this vulnerability, replacing the 0x70 extension with a custom error or non-recursive referencing should be implemented.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t7jbTe
https://www.cve.org/CVERecord?id=CVE-2023-52079
https://nvd.nist.gov/vuln/detail/CVE-2023-52079

Back to Vulnerability Database

CVE-2023-52079

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations