CVE-2022-24724

cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing (`table.c:row_from_string`) may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution, depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote, user-controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available: the vulnerability exists in the table markdown extension of cmark-gfm, so disabling the table extension will prevent it from being triggered.
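The bug class named in the advisory is a column counter that is too narrow for the input. The following C program is an added illustration, not cmark-gfm's own code or its `row_from_string` routine: it scans a GFM table delimiter ("marker") row with a wide counter, shows how a deliberately 16-bit counter wraps on the same row, and offers a pre-check a caller could run on untrusted markdown before handing it to a renderer that cannot be upgraded. The function names and the `|---|---|` row builder are this example's own assumptions; the input rows are constructed here.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Count the cells of a GFM table delimiter row such as "| --- | :-: | ---: |".
 * Each run of non-blank, non-pipe characters is one cell. The counter is size_t,
 * so it cannot wrap for any row that fits in memory.
 * Added illustration; this is not cmark-gfm's parser. */
size_t count_table_columns(const char *row) {
    size_t cells = 0;
    int in_cell = 0;
    for (const char *p = row; *p != '\0'; p++) {
        if (*p == '|') {
            in_cell = 0;                       /* a pipe ends the current cell */
        } else if (!isspace((unsigned char)*p) && !in_cell) {
            in_cell = 1;                       /* first non-blank char opens a cell */
            cells++;
        }
    }
    return cells;
}

/* The same scan with a deliberately narrow 16-bit counter, to show the failure
 * mode the advisory describes: after 65535 cells the counter wraps to 0, so a
 * row with 65537 cells is reported as having 1. Illustrative only. */
uint16_t count_table_columns_narrow(const char *row) {
    uint16_t cells = 0;
    int in_cell = 0;
    for (const char *p = row; *p != '\0'; p++) {
        if (*p == '|') {
            in_cell = 0;
        } else if (!isspace((unsigned char)*p) && !in_cell) {
            in_cell = 1;
            cells = (uint16_t)(cells + 1);     /* wraps modulo 65536 */
        }
    }
    return cells;
}

/* Defensive pre-check (assumed mitigation, not from the page): accept a marker
 * row only if its column count fits in a 16-bit counter. UINT16_MAX is the
 * <stdint.h> constant the advisory refers to. */
int table_marker_row_is_safe(const char *row) {
    return count_table_columns(row) <= UINT16_MAX;
}

/* Build a constructed delimiter row with `columns` cells, e.g. "|---|---|".
 * Used only to produce test input; the caller frees the result. */
char *make_marker_row(size_t columns) {
    char *s = malloc(columns * 4 + 2);         /* "|---" per column, then "|\0" */
    if (s == NULL) return NULL;
    char *p = s;
    for (size_t i = 0; i < columns; i++) {
        memcpy(p, "|---", 4);
        p += 4;
    }
    *p++ = '|';
    *p = '\0';
    return s;
}

int main(void) {
    const char *small = "| --- | :-: | ---: |";
    printf("%s -> %zu columns, safe=%d\n", small,
           count_table_columns(small), table_marker_row_is_safe(small));

    /* 65537 columns: one more than a uint16_t can hold, plus one. */
    char *big = make_marker_row((size_t)UINT16_MAX + 2);
    if (big == NULL) return 1;
    printf("65537-column row -> wide count %zu, narrow count %u, safe=%d\n",
           count_table_columns(big), (unsigned)count_table_columns_narrow(big),
           table_marker_row_is_safe(big));
    free(big);
    return 0;
}
```

The wide and narrow scans differ only in the counter type; the narrow one is what makes a 65537-column row look like a one-column row to later code that sizes buffers from that count. Disabling the table extension, as the advisory recommends, avoids the code path entirely; the pre-check above is a secondary guard for inputs that must still be accepted.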
CVSS 3.x Base Score

Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
-------- | ---- | ---------- | ----------- | --------------- | -------------- | ------
NIST     | NIST | 8.8 HIGH   | NETWORK     | LOW             | LOW            | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
GitHub_M | CNA  | 8.8 HIGH   | NETWORK     | LOW             | LOW            | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE      | ADP  | ---        | ---         | ---             | ---            | ---
CISA-ADP | ADP  | ---        | ---         | ---             | ---            | ---

EPSS Score Percentile: 82%
Vendor | Product   | Version
------ | --------- | -------
github | cmark-gfm | x < 0.28.3.gfm.21
github | cmark-gfm | 0.28.3.gfm.21 < x < 0.29.0.gfm.3

x = vulnerable software versions
Debian Releases

Debian Product    | Codename | Version        | Status
----------------- | -------- | -------------- | ------
cmark-gfm         | bullseye |                | no-dsa
cmark-gfm         | buster   |                | no-dsa
cmark-gfm         | sid      | 0.29.0.gfm.6-6 | fixed
cmark-gfm         | trixie   | 0.29.0.gfm.6-6 | fixed
cmark-gfm         | bookworm | 0.29.0.gfm.6-6 | fixed
ghostwriter       | bullseye | 1.8.1-2        | no-dsa
ghostwriter       | buster   |                | no-dsa
ghostwriter       | bookworm | 2.1.6+ds-2     | fixed
ghostwriter       | sid      | 23.04.3+ds-1   | fixed
ghostwriter       | trixie   | 23.04.3+ds-1   | fixed
python-cmarkgfm   | bullseye |                | no-dsa
python-cmarkgfm   | buster   |                | no-dsa
python-cmarkgfm   | sid      | 0.8.0-3        | fixed
python-cmarkgfm   | trixie   | 0.8.0-3        | fixed
python-cmarkgfm   | bookworm | 0.8.0-3        | fixed
r-cran-commonmark | bullseye |                | no-dsa
r-cran-commonmark | buster   |                | no-dsa
r-cran-commonmark | bookworm | 1.8.1-1        | fixed
r-cran-commonmark | trixie   | 1.9.1-1        | fixed
r-cran-commonmark | sid      | 1.9.2-1        | fixed
ruby-commonmarker | bullseye |                | no-dsa
ruby-commonmarker | buster   |                | no-dsa
ruby-commonmarker | bookworm | 0.23.6-1       | fixed
ruby-commonmarker | sid      | 0.23.10-1      | fixed
ruby-commonmarker | trixie   | 0.23.10-1      | fixed
Ubuntu Releases

Ubuntu Product | Codename | Status
-------------- | -------- | ------
cmark-gfm      | noble    | needs-triage
cmark-gfm      | mantic   | ignored
cmark-gfm      | lunar    | ignored
cmark-gfm      | kinetic  | ignored
cmark-gfm      | jammy    | needs-triage
cmark-gfm      | impish   | ignored
cmark-gfm      | focal    | needs-triage
cmark-gfm      | xenial   | ignored
cmark-gfm      | trusty   | ignored
References