cbcvebase.
CVE-2024-22051
published 2024-01-04


Priority: P356, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.45% (70.1th percentile)
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can allow possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ruby-commonmarker | < ruby-commonmarker 0.23.4-1 (bookworm) | ruby-commonmarker 0.23.4-1 (bookworm) |
| github | cmark-gfm | < 0.28.3.gfm.21 | 0.28.3.gfm.21 |
| github | cmark-gfm | >= 0.29.0.gfm.0 < 0.29.0.gfm.3 | 0.29.0.gfm.3 |
| gjtorikian | commonmarker | < 0.23.4 | 0.23.4 |
| gjtorikian | commonmarker | >= 0 < 0.23.4 | 0.23.4 |

Detection & IOCs (extracted from sources)

  • Trigger condition: parsing Markdown tables whose marker rows contain more than UINT16_MAX (65535) columns triggers the integer overflow in cmark-gfm's table row parsing
  • Vulnerable component is the table extension of cmark-gfm (used by the commonmarker gem); monitor/alert on use of this extension in untrusted input parsing pipelines
  • Disabling the cmark-gfm table extension entirely mitigates the vulnerability; if the table extension is not in use, the attack surface is eliminated
  • Fixed in CommonMarker version 0.23.4; versions prior to 0.23.4 are vulnerable
  • Red Hat notes that the way commonmarker is used in 3scale API Management Platform does not allow significant crossing of security boundaries, reducing practical exploitability in that context

CVSS provenance

nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL
vendor_debian: 9.8 CRITICAL
vendor_redhat: 9.8 CRITICAL