ParquetSharp Stack Overflow Vulnerability in Decimal Column Handling

Vulnerability

A stack overflow vulnerability has been identified in ParquetSharp, a .NET library for processing Apache Parquet files. The issue affects versions from 18.1.0 up to, but not including, 23.0.0.1. It arises in the DecimalConverter.ReadDecimal method, which sizes a stack allocation from values that an attacker may control. A file that declares a decimal column with an excessive width can therefore cause a stack overflow, and in a service environment this could disrupt the service. Applications that use ParquetSharp to read untrusted Parquet files received over the network are affected.
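The bug class described above, shown beside a hardened form. This is an added illustration, not ParquetSharp's source code and not the project's actual fix; the method names and the MaxStackBytes and MaxDeclaredWidth limits are assumptions of this example, and the sample bytes are constructed.

```csharp
using System;
using System.Buffers;
using System.IO;
using System.Numerics;

static class DecimalWidthDemo
{
    const int MaxStackBytes = 64;      // assumed cap for stack buffers
    const int MaxDeclaredWidth = 1024; // assumed policy limit on declared width

    // Pattern the advisory describes: stack buffer sized straight from file metadata.
    // An oversized width exhausts the stack, which terminates a .NET process.
    static BigInteger ReadUnscaledUnchecked(ReadOnlySpan<byte> src, int declaredWidth)
    {
        Span<byte> tmp = stackalloc byte[declaredWidth];
        src.Slice(0, declaredWidth).CopyTo(tmp);
        tmp.Reverse(); // Parquet stores the unscaled value big-endian
        return new BigInteger(tmp);
    }

    // Hardened: validate the width, keep stackalloc constant-sized, pool the rest.
    static BigInteger ReadUnscaledChecked(ReadOnlySpan<byte> src, int declaredWidth)
    {
        if (declaredWidth <= 0 || declaredWidth > MaxDeclaredWidth || declaredWidth > src.Length)
            throw new InvalidDataException($"Rejected decimal width {declaredWidth}");
        byte[]? rented = null;
        Span<byte> tmp = declaredWidth <= MaxStackBytes
            ? stackalloc byte[MaxStackBytes]
            : (rented = ArrayPool<byte>.Shared.Rent(declaredWidth));
        try
        {
            tmp = tmp.Slice(0, declaredWidth);
            src.Slice(0, declaredWidth).CopyTo(tmp);
            tmp.Reverse();
            return new BigInteger(tmp);
        }
        finally { if (rented != null) ArrayPool<byte>.Shared.Return(rented); }
    }

    static void Main()
    {
        var value = new byte[16];          // constructed sample: 12345 in 16 bytes
        value[14] = 0x30; value[15] = 0x39;
        Console.WriteLine(ReadUnscaledChecked(value, 16));
        try { ReadUnscaledChecked(value, int.MaxValue); }
        catch (InvalidDataException e) { Console.WriteLine(e.Message); }
    }
}
```

The checked version turns an oversized declared width into an ordinary exception the caller can handle, whereas a stack overflow in .NET cannot be caught and ends the process.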

Impact

Exploitation of this vulnerability can cause a stack overflow, potentially leading to a denial of service by crashing the application or service that is processing the Parquet file.

Remediation

Users are advised to upgrade to ParquetSharp version 23.0.0.1 or later. The updated version is available on NuGet.

Added: May 7, 2026, 8:39 PM
Updated: May 7, 2026, 8:39 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 7.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.