CVE-2024-22051

EUVD-2022-1416
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
githubcmark-gfm
𝑥
< 0.28.3.gfm.21
githubcmark-gfm
0.29.0.gfm.0 ≤
𝑥
< 0.29.0.gfm.3
gjtorikiancommonmarker
𝑥
< 0.23.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ruby-commonmarker
bookworm
0.23.6-1
fixed
bullseye
ignored
buster
no-dsa
forky
0.23.10-1
fixed
sid
0.23.10-1
fixed
trixie
0.23.10-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby-commonmarker
bionic
ignored
focal
needs-triage
jammy
needs-triage
lunar
not-affected
mantic
not-affected
noble
not-affected
oracular
not-affected
plucky
not-affected
questing
not-affected
trusty
ignored
xenial
ignored
Common Weakness Enumeration
References
https://github.com/advisories/GHSA-fmx4-26r3-wxpf
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3
https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf
https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf
https://github.com/advisories/GHSA-fmx4-26r3-wxpf
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3
https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf
https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf