CVE-2026-48109
C# vulnerability analysis and mitigation

Overview

CVE-2026-48109 is a vulnerability in the LZ4 decompression path of the MessagePack-CSharp library (NuGet package MessagePack) that can cause an AccessViolationException, leading to process termination (denial of service) and potential limited memory disclosure. It affects v2 versions prior to 2.5.301 and v3 versions from 3.0.214-rc.1 up to (but not including) 3.1.7. The vulnerability was published by maintainer AArnott on June 9, 2026, and added to the GitHub Advisory Database on June 11, 2026. It carries a CVSS v3.1 base score of 8.2 (High) (GitHub Advisory, MessagePack-CSharp Advisory).

Technical details

The root cause is the use of a deprecated fast-decompression algorithm in the LZ4 decoder that does not enforce a source-length bound on the compressed input buffer. When an application deserializes untrusted data using the Lz4Block or Lz4BlockArray compression modes, a remote attacker can craft a MessagePack payload with manipulated LZ4 token and length fields to force out-of-bounds reads beyond the allocated buffer. This triggers an AccessViolationException during decompression, crashing the host process. Under certain conditions, data from adjacent memory regions may be read before the crash, resulting in limited unintended memory disclosure. No CWE identifier has been formally assigned to this vulnerability (GitHub Advisory, MessagePack-CSharp Advisory).

Impact

The primary impact is a denial of service: a remote, unauthenticated attacker can crash any process that deserializes untrusted MessagePack data with LZ4 compression enabled, resulting in high availability impact. A secondary, lower-severity risk is limited memory disclosure — over-read data from adjacent memory may be exposed before the process terminates, posing a low confidentiality risk. Integrity is not affected. The vulnerability is scoped to the affected process and does not inherently enable lateral movement or code execution (GitHub Advisory).

Exploitation steps

  1. Reconnaissance: Identify applications that use the MessagePack NuGet package (versions < 2.5.301 or 3.0.214-rc.1 to < 3.1.7) and accept untrusted network input with LZ4 compression enabled (Lz4Block or Lz4BlockArray modes).
  2. Craft malicious payload: Construct a MessagePack-formatted binary payload that uses the LZ4 compression format (Lz4Block or Lz4BlockArray header), with manipulated LZ4 token and/or length fields designed to reference memory beyond the end of the compressed input buffer.
  3. Deliver payload: Send the crafted payload to the target application's deserialization endpoint (e.g., an API endpoint, message queue consumer, or network socket that processes MessagePack data).
  4. Trigger out-of-bounds read: The vulnerable LZ4 decoder reads beyond the buffer boundary due to the manipulated length fields, potentially exposing adjacent memory contents.
  5. Achieve denial of service: The out-of-bounds memory access triggers an AccessViolationException, causing the host process to terminate and resulting in a denial of service (GitHub Advisory, MessagePack-CSharp Advisory).

Indicators of compromise

  • Logs: Unhandled AccessViolationException or System.AccessViolationException entries in application logs or Windows Event Log (Event ID 1000/1026) originating from the MessagePack deserialization code path.
  • Process: Unexpected process crashes or restarts of services that consume MessagePack-encoded data, particularly those using LZ4 compression modes.
  • Network: Repeated or anomalous inbound requests containing MessagePack binary payloads (magic bytes 0xc4, 0xc5, or LZ4 extension type headers) to deserialization endpoints, especially from unexpected sources.
  • Application: Crash dump files (.dmp) generated by the affected process referencing memory access violations in LZ4 decompression routines within the MessagePack assembly.

Mitigations and workarounds

Upgrade the MessagePack NuGet package to version 2.5.301 (for v2 users) or 3.1.7 (for v3 users), which contain the patched LZ4 decompression implementation. If immediate upgrade is not feasible, apply one or more of the following workarounds: (1) disable LZ4 compression modes (Lz4Block, Lz4BlockArray) for any code paths that process untrusted input; (2) restrict compressed payload acceptance to strongly trusted producers only; (3) isolate the deserialization logic in a separate process or container with automatic restart supervision to limit availability impact (GitHub Advisory, MessagePack-CSharp Advisory).
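As an added illustration of workaround (1) above, not code from the advisory or from the MessagePack-CSharp project, the following C# places the weak option set beside a hardened one for a code path that receives untrusted bytes. It assumes the library's public MessagePackSerializerOptions, MessagePackCompression and MessagePackSecurity API and a hypothetical Ping message type.

```csharp
using System;
using MessagePack;

[MessagePackObject]
public class Ping // hypothetical message type used only for this example
{
    [Key(0)] public string Id { get; set; } = "";
}

public static class UntrustedMessagePackConfig
{
    // Weak: LZ4 decompression runs on attacker-controlled bytes; on affected
    // versions this is the vulnerable decoder path described above.
    public static readonly MessagePackSerializerOptions Weak =
        MessagePackSerializerOptions.Standard
            .WithCompression(MessagePackCompression.Lz4BlockArray);
    // Corrected: no LZ4 decoder is invoked on this path, and the untrusted-data
    // security profile turns on the library's depth and allocation guards.
    public static readonly MessagePackSerializerOptions Hardened =
        MessagePackSerializerOptions.Standard
            .WithCompression(MessagePackCompression.None)
            .WithSecurity(MessagePackSecurity.UntrustedData);

    // Deserialize bytes from an untrusted producer. The size cap bounds work
    // before parsing; a compressed (LZ4 ext-wrapped) payload fails inside the
    // serializer here instead of reaching the LZ4 decoder.
    public static T DeserializeUntrusted<T>(ReadOnlyMemory<byte> payload, int maxBytes = 1 << 20)
    {
        if (payload.Length > maxBytes)
            throw new InvalidOperationException($"Payload of {payload.Length} bytes exceeds {maxBytes}-byte limit");
        try
        {
            return MessagePackSerializer.Deserialize<T>(payload, Hardened);
        }
        catch (MessagePackSerializationException ex)
        {
            // Log and reject; never retry with a compression-enabled option set.
            throw new InvalidOperationException("Rejected malformed or compressed MessagePack payload", ex);
        }
    }

    public static void Main()
    {
        var msg = new Ping { Id = new string('a', 256) }; // constructed sample message
        byte[] plain = MessagePackSerializer.Serialize(msg, Hardened);
        Console.WriteLine(DeserializeUntrusted<Ping>(plain).Id.Length);
        byte[] lz4 = MessagePackSerializer.Serialize(msg, Weak); // what a compressing producer sends
        try { DeserializeUntrusted<Ping>(lz4); }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```

Apply the hardened option set only where the producer is untrusted; trusted internal channels may keep compression once the package is on a patched version.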

Related information


Sources: this report was generated using AI.

Related C# vulnerabilities:

CVE identifier    Severity  Score  Technology  Component                  CISA KEV exploited  Fix available  Published
CVE-2026-48109    HIGH      8.2    C#          messagepack                No                  Yes            Jun 22, 2026
CVE-2026-54784    HIGH      7.4    C#          CoreWCF.Primitives         No                  Yes            Jun 19, 2026
CVE-2026-54783    HIGH      7.4    C#          CoreWCF.Primitives         No                  Yes            Jun 19, 2026
CVE-2026-56370    NONE      N/A    C#          Magick.NET-Q16-HDRI-arm64  No                  Yes            Jun 25, 2026
CVE-2026-56368    NONE      N/A    C#          imagemagick                No                  Yes            Jun 25, 2026
