DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-32WQ-PPWG-3W4M: Denial of Service in EnhancedLinq.Async via Microsoft.Bcl.Memory Out-of-Bounds Read

Vulnerability ID: GHSA-32WQ-PPWG-3W4M
CVSS Score: 7.5
Published: 2026-04-01

EnhancedLinq.Async is vulnerable to a Denial of Service (DoS) attack due to an out-of-bounds read flaw inherited from its transitive dependency on Microsoft.Bcl.Memory. This issue, originally tracked as CVE-2026-26127, allows unauthenticated remote attackers to crash applications by supplying malformed Base64Url-encoded payloads.

TL;DR

A flaw in the Base64Url decoder of Microsoft.Bcl.Memory causes an out-of-bounds read when parsing crafted input. Applications using EnhancedLinq.Async are vulnerable to Denial of Service via process crashes.


⚠️ Exploit Status: POC

Technical Details

  • Vulnerability Type: Out-of-bounds Read
  • CWE ID: CWE-125
  • Attack Vector: Network
  • CVSS Score: 7.5 (High)
  • Exploit Status: Unauthenticated DoS
  • Impact: High Availability Loss

Affected Systems

  • EnhancedLinq.Async
  • Microsoft.Bcl.Memory
  • .NET Ecosystem
  • EnhancedLinq.Async: < 1.0.0-beta.4 (fix depends on overriding the transitive Microsoft.Bcl.Memory dependency)
  • Microsoft.Bcl.Memory: < 9.0.14 (Fixed in: 9.0.14)

Mitigation Strategies

  • Update dependencies
  • Explicit dependency override via .csproj
  • Pre-flight input validation

Remediation Steps:

  1. Identify all projects utilizing the EnhancedLinq.Async package.
  2. Modify the project's .csproj file to include an explicit PackageReference to Microsoft.Bcl.Memory.
  3. Set the Microsoft.Bcl.Memory version attribute to 9.0.14 or a newer stable release.
  4. Rebuild the application and verify that the NuGet resolution graph accurately reflects the updated version.
  5. Implement application-layer regex or length validation for incoming Base64Url strings before decoding.
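
As an added check for step 4 (not part of the original report), the POSIX shell helper below scans the output of `dotnet list package --include-transitive` and flags a resolved Microsoft.Bcl.Memory older than 9.0.14. The sample report text is constructed, and the column layout of the dotnet output (package name followed by its resolved version as the last column) is an assumption.

```shell
#!/bin/sh
# Remediation (steps 2-3): add this to the affected .csproj so NuGet resolves the fixed build:
#   <PackageReference Include="Microsoft.Bcl.Memory" Version="9.0.14" />
# Then verify the resolution graph (step 4):
#   dotnet list package --include-transitive | sh check_bcl_memory.sh
FIXED_VERSION="9.0.14"

# version_lt A B: succeeds when numeric version A is lower than B.
# Pre-release suffixes (e.g. "-preview.1") are stripped, so a pre-release of the
# fixed version is treated as equal to it (assumption of this helper).
version_lt() {
    a=$(printf '%s' "$1" | cut -d- -f1)
    b=$(printf '%s' "$2" | cut -d- -f1)
    [ "$a" != "$b" ] &&
    [ "$(printf '%s\n%s\n' "$a" "$b" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$a" ]
}

# check_bcl_memory: reads a `dotnet list package` report on stdin.
# Returns 0 if the resolved Microsoft.Bcl.Memory is fixed, 1 if vulnerable, 2 if absent.
check_bcl_memory() {
    # The resolved version is the last column for both top-level and transitive rows.
    resolved=$(awk '/Microsoft\.Bcl\.Memory/ { print $NF; exit }')
    if [ -z "$resolved" ]; then
        echo "Microsoft.Bcl.Memory not present in the package graph"
        return 2
    fi
    if version_lt "$resolved" "$FIXED_VERSION"; then
        echo "VULNERABLE: Microsoft.Bcl.Memory $resolved < $FIXED_VERSION (GHSA-32WQ-PPWG-3W4M)"
        return 1
    fi
    echo "OK: Microsoft.Bcl.Memory $resolved"
    return 0
}

# Constructed sample reports (not real tool output) for a stand-alone run.
VULN_REPORT="Project 'MyApp' has the following package references
   [net8.0]:
   Top-level Package          Requested       Resolved
   > EnhancedLinq.Async       1.0.0-beta.3    1.0.0-beta.3

   Transitive Package         Resolved
   > Microsoft.Bcl.Memory     9.0.10
"
FIXED_REPORT="Project 'MyApp' has the following package references
   [net8.0]:
   Top-level Package          Requested       Resolved
   > EnhancedLinq.Async       1.0.0-beta.3    1.0.0-beta.3
   > Microsoft.Bcl.Memory     9.0.14          9.0.14
"
printf '%s' "$VULN_REPORT" | check_bcl_memory
printf '%s' "$FIXED_REPORT" | check_bcl_memory
```

Pipe the live `dotnet list package --include-transitive` output into `check_bcl_memory` instead of the constructed samples to check a real project.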
