Intel

AIKIDO-2026-895839

mdex_native is vulnerable to Unbounded memory leak

Unbounded memory leakCVE-2026-53429 Published Jul 2, 2026

69

Medium Risk

This Affects:

ELIXIRmdex_native
0.1.0 - 0.2.2
Fixed in 0.2.3
Are you affected? Scan for Free

TL;DR

mdex_native leaks memory when rendering a document containing escaped-tag nodes. The Rust NIF conversion of each %MDEx.EscapedTag{} into its native representation (From<ExEscapedTag> for NodeValue in document.rs) calls Box::leak on the caller-supplied literal string, surrendering the backing allocation for the entire process lifetime. Both the byte length of each literal and the number of escaped-tag nodes are attacker-controlled, with no size cap or rate limit. Every render through MDEx.to_html/1 or any API that renders a supplied %MDEx.Document{} leaks literal_size × node_count bytes that can never be reclaimed, and repeated renders accumulate without bound.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

mdex_native is vulnerable to Unbounded memory leak in versions 0.1.0 - 0.2.2.

How to fix this

Upgrade the mdex_native library to the patch version.