GHSA-C2V4-CHX5-VFF6
Vulnerability from github – Published: 2024-01-04 21:30 – Updated: 2024-01-05 15:31
VLAI?
Summary
Duplicate Advisory: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
Details
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-fmx4-26r3-wxpf. This link is maintained to preserve external references.
Original Description
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c 0.23.4"
},
"package": {
"ecosystem": "RubyGems",
"name": "commonmarker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-05T15:31:42Z",
"nvd_published_at": "2024-01-04T21:15:10Z",
"severity": "HIGH"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-fmx4-26r3-wxpf. This link is maintained to preserve external references.\n\n### Original Description\nCommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.\n\n",
"id": "GHSA-c2v4-chx5-vff6",
"modified": "2024-01-05T15:31:42Z",
"published": "2024-01-04T21:30:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x"
},
{
"type": "WEB",
"url": "https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22051"
},
{
"type": "WEB",
"url": "https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-fmx4-26r3-wxpf"
},
{
"type": "WEB",
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Duplicate Advisory: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption",
"withdrawn": "2024-01-05T15:31:42Z"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…