| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| System.Formats.Nrbf | nuget | < 9.0.0 | 9.0.0 |

The vulnerability is classified as CWE-843 (type confusion) and occurs during NRBF deserialization. The affected package is System.Formats.Nrbf, versions < 9.0.0. The attack vector would be a malformed NRBF payload that exploits weaknesses in type resolution. Deserialization entry points such as `ReadClassRecord` and `ReadType` are the likely candidates, because they would handle the decoding of type information. The patch likely added type validation checks in these methods. Direct patch details are unavailable, so these functions are inferred as the exploitation vectors from the NRBF format's design and .NET's serialization patterns rather than confirmed from the fix.
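
To check whether a project falls in the affected range from the table, the following added example (not part of the advisory or of the package's own code) scans a `.csproj` for `System.Formats.Nrbf` references below 9.0.0. The names `scan_project` and `version_key` and the sample project are constructed for illustration; pre-release builds of 9.0.0 are treated as inside `< 9.0.0` because SemVer orders them below the release.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "System.Formats.Nrbf"  # package name from the advisory table
FIRST_PATCHED = "9.0.0"          # first patched version from the advisory table
EXACT = re.compile(r"\d+(\.\d+){1,3}(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?")

def version_key(version):
    """Sort key with SemVer precedence: a pre-release sorts below its release."""
    core, _, pre = version.split("+")[0].partition("-")
    nums = [int(p) for p in core.split(".")]
    nums += [0] * (4 - len(nums))  # NuGet versions may carry a fourth numeric part
    if not pre:
        return (nums, 1, [])       # a release outranks every pre-release of it
    # Numeric identifiers sort below alphanumeric ones; NuGet ignores case.
    ids = [(0, int(p), "") if p.isdigit() else (1, 0, p.lower())
           for p in pre.split(".")]
    return (nums, 0, ids)

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace of legacy project files

def scan_project(csproj_xml):
    """Return (version, verdict) for each reference to PACKAGE that needs action."""
    findings = []
    for ref in ET.fromstring(csproj_xml).iter():
        if local(ref.tag) != "PackageReference":
            continue
        if (ref.get("Include") or "").lower() != PACKAGE.lower():
            continue
        child = next((c.text for c in ref if local(c.tag) == "Version"), None)
        version = (ref.get("Version") or child or "").strip()
        if not EXACT.fullmatch(version):
            # Ranges, floating or centrally managed versions: check the lock file.
            findings.append((version or "(none)", "unresolved"))
        elif version_key(version) < version_key(FIRST_PATCHED):
            findings.append((version, "affected"))
    return findings

# Constructed sample project file, not taken from any real repository.
SAMPLE = """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="System.Formats.Nrbf" Version="9.0.0-rc.2" />
  <PackageReference Include="system.formats.nrbf"><Version>8.*</Version></PackageReference>
  <PackageReference Include="System.Text.Json" Version="8.0.0" />
</ItemGroup></Project>"""

if __name__ == "__main__":
    for version, verdict in scan_project(SAMPLE):
        print(f"{PACKAGE} {version}: {verdict}")
```

References reported as `unresolved` carry no exact version in the project file, so the resolved version has to be read from the restore output or lock file.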