In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory.
Credits
Andrew Fasano of NIST CAISI reported this vulnerability to CISA.
