CVE-2015-5147 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Redcarpet

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-267 — Privilege Defined With Unsafe Actions9 documents6 sources

Severity

7.5HIGHNVD

OSV7.3

EPSS

1.2%

top 21.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redcarpet Project Redcarpet Debian Ruby-redcarpet

Timeline

PublishedJul 14

Latest updateAug 15

Description

Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶RubyGemsredcarpet_project/redcarpet3.3.0 — 3.3.2

▶NVDredcarpet_project/redcarpet3.3.1

▶debiandebian/ruby-redcarpet

🔴Vulnerability Details

OSV

redcarpet Buffer Overflow vulnerability↗2018-08-15

▶

GHSA

redcarpet Buffer Overflow vulnerability↗2018-08-15

▶

OSV

ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities↗2017-07-25

▶

📋Vendor Advisories

Debian

CVE-2015-5147: ruby-redcarpet - Stack-based buffer overflow in the header_anchor function in the HTML renderer i...↗2015

▶

Red Hat

ruby: DL:: dlopen could open a library with tainted library name↗2009-05-11

▶

💬Community

Bugzilla

CVE-2009-5147 CVE-2015-7551 ruby: DL::dlopen could open a library with tainted library name↗2015-07-31

▶

Bugzilla

rubygem-redcarpet: possible XSS of untrusted markdown if autolink extension is enabled↗2015-04-08

▶