CVE-2026-42241: CWE-789: Memory Allocation with Excessive Size Value in G-Research ParquetSharp
CVE-2026-42241 is a medium severity vulnerability in the ParquetSharp .NET library versions 18.1.0 up to but not including 23.0.0.1. The issue arises from the DecimalConverter.ReadDecimal method performing a stack allocation using a potentially attacker-controlled size value. If an attacker crafts a decimal column with an excessively large width, this can cause a stack overflow, potentially crashing the service that processes untrusted Parquet files.
AI Analysis
Technical Summary
ParquetSharp is a .NET library for handling Apache Parquet files. Versions from 18.1.0 to before 23.0.0.1 contain a vulnerability where the DecimalConverter.ReadDecimal method uses stackalloc with a size parameter that can be influenced by an attacker. This can lead to a stack overflow if a malicious Parquet file declares a decimal column with an unreasonably large width. The flaw affects applications that read untrusted Parquet files, potentially causing service crashes. The issue is addressed in ParquetSharp version 23.0.0.1.
Potential Impact
An attacker who can supply malicious Parquet files to an application using vulnerable versions of ParquetSharp may cause a stack overflow, leading to denial of service by crashing the affected service. There is no indication of confidentiality or integrity impact; only availability is affected.
Mitigation Recommendations
This vulnerability is fixed in ParquetSharp version 23.0.0.1. Users should upgrade to this version or later to remediate the issue. Until upgraded, avoid processing untrusted Parquet files or implement additional validation to restrict decimal column widths to reasonable sizes.
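One way to apply the interim width check before a file reaches the decimal reader, as an added example (not code from ParquetSharp or from this advisory). It assumes ParquetSharp's low-level metadata API (`ParquetFileReader`, `FileMetaData.Schema`, `ColumnDescriptor.TypeLength`), that reading the footer schema does not itself go through the decimal conversion path, and a 16-byte limit chosen here as policy; `DecimalWidthGuard` and `FindOversizedDecimals` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using ParquetSharp;

public static class DecimalWidthGuard
{
    // Assumed policy limit, not a value from the advisory: 16 bytes holds a
    // 128-bit unscaled value, already wider than System.Decimal's 96 bits.
    public const int MaxDecimalWidthBytes = 16;

    // Inspects only the footer schema and returns one finding per decimal
    // column whose declared byte width exceeds maxWidth.
    public static List<string> FindOversizedDecimals(string path, int maxWidth = MaxDecimalWidthBytes)
    {
        var findings = new List<string>();
        using var reader = new ParquetFileReader(path);
        var schema = reader.FileMetaData.Schema;

        for (var i = 0; i < schema.NumColumns; i++)
        {
            var column = schema.Column(i);
            if (column.LogicalType is not DecimalLogicalType) continue;

            // TypeLength is the declared FIXED_LEN_BYTE_ARRAY width in bytes.
            if (column.PhysicalType == PhysicalType.FixedLenByteArray && column.TypeLength > maxWidth)
                findings.Add($"column {i} '{column.Name}': decimal width {column.TypeLength} > {maxWidth} bytes");
        }
        return findings;
    }

    public static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: guard <file.parquet>"); return 2; }
        try
        {
            var findings = FindOversizedDecimals(args[0]);
            foreach (var f in findings) Console.Error.WriteLine("REJECT " + f);
            return findings.Count == 0 ? 0 : 1;   // non-zero: do not hand the file to the reader
        }
        catch (Exception e)   // unreadable or malformed footer: fail closed
        {
            Console.Error.WriteLine("REJECT unreadable metadata: " + e.Message);
            return 1;
        }
    }
}
```

Run it as a gate in the ingestion path and quarantine any file that returns non-zero; it is a stopgap until the upgrade to 23.0.0.1 or later, not a replacement for it.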
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-04-25T05:37:12.118Z
- Cvss Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69fce65acbff5d861023a2ea
Added to database: 5/7/2026, 7:22:02 PM
Last enriched: 5/7/2026, 7:36:42 PM
Last updated: 5/7/2026, 8:39:46 PM