CVE-2015-5147

EUVD-2018-0377
Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
redcarpet_projectredcarpet
𝑥
≤ 3.3.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ruby-redcarpet
bookworm
3.5.1-1
fixed
bullseye
3.5.1-1
fixed
sid
3.6.0-1
fixed
trixie
3.6.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby-redcarpet
precise
dne
trusty
dne
utopic
not-affected
vivid
not-affected
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/06/29/3
http://www.openwall.com/lists/oss-security/2015/06/30/10
http://www.securityfocus.com/bid/75508
https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md
http://www.openwall.com/lists/oss-security/2015/06/29/3
http://www.openwall.com/lists/oss-security/2015/06/30/10
http://www.securityfocus.com/bid/75508
https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md