CVE-2024-22051
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
0 < 0.23.4 | affected |
Weaknesses
- CWE-190: CWE-190 Integer Overflow or Wraparound
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
- https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf
- https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3
- https://github.com/advisories/GHSA-fmx4-26r3-wxpf
- https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
- https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf
- https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3
- https://github.com/advisories/GHSA-fmx4-26r3-wxpf
- https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.