CVE-2024-22051
Published 2024-01-04
Priority: P356, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.45% (70.1th percentile)
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can allow possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ruby-commonmarker | < ruby-commonmarker 0.23.4-1 (bookworm) | ruby-commonmarker 0.23.4-1 (bookworm) |
| github | cmark-gfm | < 0.28.3.gfm.21 | 0.28.3.gfm.21 |
| github | cmark-gfm | >= 0.29.0.gfm.0 < 0.29.0.gfm.3 | 0.29.0.gfm.3 |
| gjtorikian | commonmarker | < 0.23.4 | 0.23.4 |
| gjtorikian | commonmarker | >= 0 < 0.23.4 | 0.23.4 |
Detection & IOCs
- Trigger condition: parsing Markdown tables whose marker rows contain more than UINT16_MAX (65535) columns triggers the integer overflow in cmark-gfm's table row parsing.
- The vulnerable component is the table extension of cmark-gfm (used by the commonmarker gem); monitor and alert on use of this extension in pipelines that parse untrusted input.
- Disabling the cmark-gfm table extension entirely mitigates the vulnerability; if the table extension is not in use, the attack surface is eliminated.
- Fixed in CommonMarker version 0.23.4; versions prior to 0.23.4 are vulnerable.
- Red Hat notes that the way commonmarker is used in 3scale API Management Platform does not allow significant crossing of security boundaries, reducing practical exploitability in that context.
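An added example, not part of the advisory or the commonmarker project: a Ruby check that reads the resolved versions from a `Gemfile.lock` and flags any `commonmarker` entry below the fixed release 0.23.4. The helper names are hypothetical and the lockfile text is constructed sample data.

```ruby
require "rubygems"

# Fixed release per the advisory on this page; anything lower is affected.
FIXED_VERSION = Gem::Version.new("0.23.4")
TARGET_GEM = "commonmarker"

# Hypothetical helper: returns [name, Gem::Version] for every resolved spec.
# Resolved specs sit at 4-space indent under "specs:"; the 6-space lines
# below them are dependency constraints ("~> 0.23") and must be ignored.
def locked_specs(lock_text)
  in_specs = false
  lock_text.each_line.each_with_object([]) do |raw, specs|
    line = raw.chomp
    if line.match?(/\A {2}specs:\z/)
      in_specs = true
    elsif line.match?(/\A\S/)
      in_specs = false # a new top-level section (PLATFORMS, DEPENDENCIES, ...)
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      # Drop a platform suffix such as "-x86_64-linux" before parsing.
      specs << [m[1], Gem::Version.new(m[2][/\A[0-9A-Za-z.]+/])]
    end
  end
end

# Hypothetical helper: one finding per locked commonmarker entry.
def audit_commonmarker(lock_text)
  locked_specs(lock_text)
    .select { |name, _| name == TARGET_GEM }
    .map { |name, ver| { gem: name, version: ver.to_s, vulnerable: ver < FIXED_VERSION } }
end

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      commonmarker (0.23.2)
      html-pipeline (2.14.0)
        commonmarker (~> 0.23)
      nokogiri (1.13.0-x86_64-linux)

  PLATFORMS
    ruby

  DEPENDENCIES
    html-pipeline
LOCK

audit_commonmarker(SAMPLE_LOCK).each do |f|
  puts "#{f[:gem]} #{f[:version]}: #{f[:vulnerable] ? 'VULNERABLE, upgrade to >= 0.23.4' : 'ok'}"
end
```

Run against a real lockfile with `audit_commonmarker(File.read("Gemfile.lock"))`; an empty result means the gem is not locked in that project.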
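CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |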
OSV
osv·2024-01-04·CVSS 9.8
CVE-2024-22051 [CRITICAL] CVE-2024-22051: CommonMarker versions prior to 0
GHSA
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
ghsa·2022-03-03
CVE-2024-22051 [HIGH] CWE-190 Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
### Impact
CommonMarker uses `cmark-gfm` for rendering [GitHub Flavored Markdown](https://github.github.com/gfm/). An [integer overflow in `cmark-gfm`'s table row parsing](https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x) may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution.
If affected versions of CommonMarker are used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE).
### Patches
This vulnerability has been patched in the following CommonMarker release:
- v0.23.4
OSV
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
osv·2022-03-03
CVE-2024-22051 [HIGH] Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
Red Hat
commonmarker: integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption
vendor_redhat·2024-01-04·CVSS 9.8
CVE-2024-22051 [CRITICAL] CWE-190 commonmarker: integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption
An integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns.
Statement: The way the commonmarker gem is used in API Management Platform doesn't allow for any significant crossing of security boundaries.
Mitigation: Disabling any use of the table ext
Debian
CVE-2024-22051: ruby-commonmarker - CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnera...
vendor_debian·2024·CVSS 9.8
CVE-2024-22051 [CRITICAL] CVE-2024-22051: ruby-commonmarker - CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnera...
Scope: local
bookworm: resolved (fixed in 0.23.4-1)
bullseye: open
forky: resolved (fixed in 0.23.4-1)
sid: resolved (fixed in 0.23.4-1)
trixie: resolved (fixed in 0.23.4-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://github.com/advisories/GHSA-fmx4-26r3-wxpf
- https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
- https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3
- https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf
- https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf