diff --git a/changelogs/unreleased/ghs-18-mp-check-overflow-fix.md b/changelogs/unreleased/ghs-18-mp-check-overflow-fix.md
new file mode 100644
index 0000000000000000000000000000000000000000..68ecab67b0bf7ef0e1f07ccec026ebc8ac0c76a4
--- /dev/null
+++ b/changelogs/unreleased/ghs-18-mp-check-overflow-fix.md
@@ -0,0 +1,4 @@
+## bugfix/core
+
+* Fixed a bug in the MsgPack library that could lead to a failure to detect
+  invalid MsgPack input and, as a result, out-of-bounds read (ghs-18).
diff --git a/src/lib/msgpuck b/src/lib/msgpuck
index 0faa69988e232df03c0dd2dd04d57fdcea8e38f8..61b64ff19a72e4564f0abe3b6558b33b3765767d 160000
--- a/src/lib/msgpuck
+++ b/src/lib/msgpuck
@@ -1 +1 @@
-Subproject commit 0faa69988e232df03c0dd2dd04d57fdcea8e38f8
+Subproject commit 61b64ff19a72e4564f0abe3b6558b33b3765767d
diff --git a/test/unit/msgpack.result b/test/unit/msgpack.result
index b7ad3400e3cc6b8b49e791fe6a5d0e1d3c5a8edd..b536bc614dccd0e09dffba1d18b38058a40a810d 100644
--- a/test/unit/msgpack.result
+++ b/test/unit/msgpack.result
@@ -2112,7 +2112,7 @@ ok 19 - subtests
     ok 5 - str is correct
     # *** test_mp_print_ext: done ***
 ok 20 - subtests
-    1..69
+    1..71
     # *** test_mp_check ***
     ok 1 - invalid fixmap 1
     ok 2 - invalid fixmap 2
@@ -2175,14 +2175,16 @@ ok 20 - subtests
     ok 59 - invalid array32 2
     ok 60 - invalid map16 1
     ok 61 - invalid map16 2
-    ok 62 - invalid map16 2
-    ok 63 - invalid map32 1
-    ok 64 - invalid map32 2
-    ok 65 - invalid map32 3
-    ok 66 - invalid header 1
-    ok 67 - invalid header 2
-    ok 68 - invalid header 3
-    ok 69 - invalid header 4
+    ok 62 - invalid map16 3
+    ok 63 - invalid map16 4
+    ok 64 - invalid map32 1
+    ok 65 - invalid map32 2
+    ok 66 - invalid map32 3
+    ok 67 - invalid map32 4
+    ok 68 - invalid header 1
+    ok 69 - invalid header 2
+    ok 70 - invalid header 3
+    ok 71 - invalid header 4
     # *** test_mp_check: done ***
 ok 21 - subtests
     1..24