EIQ-2019-0003#
ID |
EIQ-2019-0003 |
|---|---|
CVE |
- |
Description |
msgpack-python can consume all available system memory |
Date |
05 Feb 2019 |
Severity |
1 - LOW |
CVSSv3 score |
CVSSv3 score not available on NIST NVD. |
Status |
✅ 2.3.4 |
Assessment |
msgpack-python is a Python implementation of the MessagePack serializer. msgpack-python versions earlier than 0.6.0 set a very high object size default limit. This makes it possible to pass extremely large objects for serialization, which results in the process using all the available system memory. |
Mitigation |
Update to msgpack-python 0.6.1. |
Affected versions |
2.3.3 |
Notes |
msgpack-python is a used as a dependency only in EclecticIQ Platform 2.3.3 For more information, see Change default decoder limits. |