CVE-2022-24724Integer Overflow or Wraparound in Github Cmark-gfm

CWE-190Integer Overflow or Wraparound4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
4.2%
top 11.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Github Cmark-gfmDebian Cmark-gfmDebian Ghostwriter+4 more
Timeline
PublishedMar 3

Description

cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rende

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

NVDgithub/cmark-gfm< 0.28.3.gfm.21+1
Debiangithub/cmark-gfm< 0.29.0.gfm.3-3+2
CVEListV5github/cmark-gfm>= 0.29.0.gfm.0, < 0.29.0.gfm.3
debiandebian/cmark-gfm< cmark-gfm 0.29.0.gfm.3-3 (bookworm)
debiandebian/python-cmarkgfm< cmark-gfm 0.29.0.gfm.3-3 (bookworm)

Also affects: Fedora 34, 35, 36

🔴Vulnerability Details

1
OSV
CVE-2022-24724: cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark2022-03-03

📋Vendor Advisories

2
Red Hat
cmark-gfm: possible RCE due to integer overflow2022-03-03
Debian
CVE-2022-24724: cmark-gfm - cmark-gfm is GitHub's extended version of the C reference implementation of Comm...2022