AIKIDO-2026-11117

msgpack is vulnerable to Use After Free

Use After Free | GHSA-4mrv-5p47-p938 | Published 3 days ago

36

Low Risk

This Affects:

RUBY msgpack
0.0.1 - 1.8.1
Fixed in 1.8.2

TL;DR

The MessagePack::Buffer#clear method returns chunk memory pages to a shared pool without resetting the buffer's rmem cursor pointers. Reusing the cleared buffer for writing then hands back a slice of an already-freed page, and a later buffer allocating from the same pool can alias the same physical memory. This lets one buffer read or corrupt another buffer's data within the same process, but only when application code uses the MessagePack::Buffer API directly with a clear-and-reuse pattern. The fix resets the rmem pointers when the buffer is fully emptied so freed pages are no longer referenced.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

msgpack is vulnerable to Use After Free in versions 0.0.1 - 1.8.1.

How to fix this

Upgrade the msgpack library to the patched version (1.8.2).
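One way to check a project against the affected range stated above (0.0.1 - 1.8.1, fixed in 1.8.2) is to read the resolved msgpack version from Gemfile.lock. This is an added example, not code from the advisory or from the msgpack project; the helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version

# Range taken from the advisory: 0.0.1 - 1.8.1 affected, fixed in 1.8.2.
FIRST_AFFECTED = Gem::Version.new("0.0.1")
FIRST_FIXED    = Gem::Version.new("1.8.2")

# Returns the resolved msgpack versions found in Gemfile.lock text.
# Resolved gems are indented four spaces under a "specs:" line; six-space
# lines are dependency constraints (e.g. "msgpack (~> 1.2)") and are skipped.
def msgpack_versions(lock_text)
  in_specs = false
  versions = []
  lock_text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line.empty? || line =~ /\A\S/
      in_specs = false # a new top-level section ends the specs list
    elsif in_specs && (m = line.match(/\A {4}msgpack \(([^)]+)\)\z/))
      # Platform gems carry a suffix such as "-java"; the advisory gives a
      # version range only, so the version part is what gets compared.
      versions << Gem::Version.new(m[1].split("-").first)
    end
  end
  versions
end

def affected?(version)
  version >= FIRST_AFFECTED && version < FIRST_FIXED
end

# Returns [[version_string, :affected | :ok], ...] for every msgpack entry.
def audit(lock_text)
  msgpack_versions(lock_text).map { |v| [v.to_s, affected?(v) ? :affected : :ok] }
end

# Constructed sample lockfile (not taken from any real project).
def sample_lock(version)
  <<~LOCK
    GEM
      remote: https://rubygems.org/
      specs:
        bootsnap (1.18.3)
          msgpack (~> 1.2)
        msgpack (#{version})

    PLATFORMS
      ruby
  LOCK
end

puts audit(sample_lock("1.7.2")).inspect
```

For a real project, pass `File.read("Gemfile.lock")` to `audit`. A version match alone does not show that application code uses the MessagePack::Buffer clear-and-reuse pattern described in the TL;DR.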