GHSA-c2v4-chx5-vff6 commonmarker

Package

Manager: gem
Name: commonmarker
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: N/A (percentile: N/A)

Details

Duplicate Advisory: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-fmx4-26r3-wxpf. This link is maintained to preserve external references.

Original Description

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can allow possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, by parsing tables with marker rows that contain more than UINT16_MAX columns.

Metadata

Created: 2024-01-04T21:30:24Z
Modified: 2024-01-05T15:31:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-c2v4-chx5-vff6/GHSA-c2v4-chx5-vff6.json
CWE IDs: ["CWE-190"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0