CVE-2026-32284

216.73.217.22

· Published 26/03/2026 20:16 · Modified 26/03/2026 20:16

Labels: CVE-2026-32284 2026-03-26 CVE-2026-32284 [email protected]

Essential information

Published: 26/03/2026 20:16
Modified: 26/03/2026 20:16
Author: —
Creator: —
CISA KEV: No
CWE: —
CVSS vector

Description

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data (format codes 0xd4-0xd8). This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
golang / msgpack	`cpe:2.3:a:golang:msgpack::::::::`

CVE-2026-32284

Essential information

Description

NVD status

Affected products (CPE)

References