
PEACH
Un framework di isolamento del tenant
CVE-2026-57585 is a Use After Free (CWE-416) vulnerability in MessagePack for Python (msgpack) that causes an out-of-bounds read and process crash (SEGV) when the Unpacker object is reused after an error occurs. It affects all versions of the msgpack pip package up to and including v1.2.0. The vulnerability was published on June 19, 2026, with a fix released in v1.2.1. It carries a CVSS v3.1 base score of 7.5 (High) (GitHub Advisory, GHSA).
The root cause is a Use After Free condition (CWE-416) in the C-level Unpacker implementation. When unpack_execute() returns an error (ret == -1), the internal parser context (unpack_context) was not properly cleared — specifically, unpack_clear() was not called on error paths in unpack_construct() and unpack_skip(). This left the context in a corrupt state with dangling or freed object references. Subsequent calls to unpack() or skip() on the same Unpacker instance would then operate on this corrupt context, leading to a SIGSEGV. The fix (commit 2c56ddb) adds unpack_clear() calls on all error return paths and corrects an off-by-one in the stack cleanup loop (GitHub Commit, GitHub Advisory).
Successful exploitation causes the Python process to crash with a SIGSEGV, resulting in a Denial of Service (DoS). Applications that process untrusted, externally-sourced MessagePack data using a reused Unpacker instance are at risk. There is no known confidentiality or integrity impact — the vulnerability is limited to availability (GHSA).
msgpack.Unpacker in streaming mode and reuses the same Unpacker instance after catching deserialization errors (e.g., a network service accepting MessagePack-encoded input).strict_map_key=True is set (e.g., b"\x83\x73\xc4\x00" — a fixmap(3) with an integer key followed by an empty bin8).Unpacker.unpack() call raises an exception (e.g., ValueError), which the application catches and continues.Unpacker context was not cleared after the first error, the subsequent unpack() or skip() call operates on a corrupt parser state, triggering a SIGSEGV and crashing the process (GitHub Commit, GHSA).SIGSEGV (signal 11) or Segmentation fault message in system logs, originating from a msgpack deserialization call.ValueError, FormatError, or StackError exceptions from msgpack.Unpacker, followed by an abrupt process exit without a clean Python traceback.\x83\x73\xc4\x00).Upgrade the msgpack pip package to v1.2.1, which includes the fix for this vulnerability (msgpack Release). As a workaround for users who cannot upgrade immediately, always create a new Unpacker instance rather than reusing an existing one after any exception is caught during unpacking. Note that even with the patch applied, reusing a Streaming Unpacker after an error will not yield correct data — discarding the stream and unpacker on error is the correct design pattern regardless (GHSA).
Fonte: Questo report è stato generato utilizzando l'intelligenza artificiale
Valutazione gratuita delle vulnerabilità
Valuta le tue pratiche di sicurezza cloud in 9 domini di sicurezza per confrontare il tuo livello di rischio e identificare le lacune nelle tue difese.
Richiedi una demo personalizzata
"La migliore esperienza utente che abbia mai visto offre piena visibilità ai carichi di lavoro cloud."
"Wiz fornisce un unico pannello di controllo per vedere cosa sta succedendo nei nostri ambienti cloud."
"Sappiamo che se Wiz identifica qualcosa come critico, in realtà lo è."