You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are a few places in the code where an untrusted count / length / etc. value is used as a length argument for array creation. This allows trivial DoS via an untrusted payload specifying very large lengths but never providing any data after the length value.
There are a few places in the code where an untrusted count / length / etc. value is used as a length argument for array creation. This allows trivial DoS via an untrusted payload specifying very large lengths but never providing any data after the length value.
SafePayloadReader/System.Runtime.Serialization.BinaryFormat/Records/ArraySinglePrimitiveRecord.cs
Lines 61 to 71 in cfb7ac5
SafePayloadReader/System.Runtime.Serialization.BinaryFormat/Infos/ClassInfo.cs
Lines 34 to 35 in cfb7ac5
SafePayloadReader/System.Runtime.Serialization.BinaryFormat/Infos/MemberTypeInfo.cs
Lines 22 to 24 in cfb7ac5
SafePayloadReader/System.Runtime.Serialization.BinaryFormat/Records/ArraySingleStringRecord.cs
Line 32 in cfb7ac5
SafePayloadReader/System.Runtime.Serialization.BinaryFormat/Records/BinaryArrayRecord.cs
Lines 39 to 47 in cfb7ac5
The text was updated successfully, but these errors were encountered: