Debian Ruby-Commonmarker vulnerabilities

11 known vulnerabilities affecting debian/ruby-commonmarker. Only CVE-2024-22051 is tracked against the ruby-commonmarker package itself; the other ten are tracked against the cmark-gfm source package, the C parser underneath the gem, so their "fixed in" versions are Debian cmark-gfm package versions rather than gem versions. The 2023 cmark-gfm entries record a fix only in forky, and where the scope line is visible it shows bookworm and bullseye as open.

Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 5, LOW 3

Vulnerabilities

CVE-2024-22051 | CRITICAL | CVSS 9.8 | fixed in ruby-commonmarker 0.23.4-1 (bookworm) | 2024 | debian
ruby-commonmarker: CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can allow possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns. Scope: loc
CVE-2023-26485 | MEDIUM | CVSS 5.3 | fixed in cmark-gfm 0.29.0.gfm.13-1 (forky) | 2023 | debian
cmark-gfm: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text that begins with large numbers of `_` characters. This issue has been add
CVE-2023-37463 | MEDIUM | CVSS 6.4 | fixed in cmark-gfm 0.29.0.gfm.13-1 (forky) | 2023 | debian
cmark-gfm: cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12. Scope: local bookworm: open bullseye: op
CVE-2023-24824 | MEDIUM | CVSS 5.3 | fixed in cmark-gfm 0.29.0.gfm.13-1 (forky) | 2023 | debian
cmark-gfm: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text that begins with large numbers of either `>` or `-` characters. This issue has b
CVE-2023-22485 | MEDIUM | CVSS 5.3 | fixed in cmark-gfm 0.29.0.gfm.13-1 (forky) | 2023 | debian
cmark-gfm: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible dama
CVE-2023-22483 | LOW | CVSS 3.5 | fixed in cmark-gfm 0.29.0.gfm.13-1 (forky) | 2023 | debian
cmark-gfm: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to
CVE-2023-22486 | LOW | CVSS 3.5 | fixed in cmark-gfm 0.29.0.gfm.13-1 (forky) | 2023 | debian
cmark-gfm: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7. Scope: local bookworm: open bullseye:
CVE-2023-22484 | LOW | CVSS 3.5 | fixed in cmark-gfm 0.29.0.gfm.13-1 (forky) | 2023 | debian
cmark-gfm: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7. Scope: local bookworm: open bullseye: ope
CVE-2022-24724 | HIGH | CVSS 8.8 | fixed in cmark-gfm 0.29.0.gfm.3-3 (bookworm) | 2022 | debian
cmark-gfm: cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ran
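The trigger condition shared by CVE-2022-24724 and CVE-2024-22051, a table marker row with more than UINT16_MAX columns, is cheap to check before the text ever reaches the C parser. The following is an added example, not code from this page or from the commonmarker or cmark-gfm projects: `delimiter_row_columns`, `max_table_columns`, `table_columns_safe?`, `build_wide_table` and `render_guarded` are names chosen here, the delimiter-row detection is a line-level heuristic rather than a full CommonMark table parser, the regression input is constructed, and the `CommonMarker.render_html` call is the 0.23-series gem API and is skipped when the gem is not loaded.

```ruby
# Added example, not from the page or the commonmarker/cmark-gfm projects:
# a pre-parse guard for the shape named in CVE-2022-24724 and CVE-2024-22051,
# a GFM table whose marker (delimiter) row has more than UINT16_MAX columns.
# Heuristic line scan, not a CommonMark parser; it complements upgrading.
UINT16_MAX = 65_535

# If `line` looks like a GFM table delimiter row (cells such as ---, :--, --:,
# :-: separated by unescaped pipes), return its cell count; otherwise nil.
def delimiter_row_columns(line)
  stripped = line.strip
  return nil unless stripped.include?('|')
  cells = stripped.split(/(?<!\\)\|/, -1)                # -1 keeps empty outer cells
  cells.shift if cells.first.strip.empty?                # leading pipe
  cells.pop if !cells.empty? && cells.last.strip.empty?  # trailing pipe
  return nil if cells.empty?
  return nil unless cells.all? { |c| c.strip.match?(/\A:?-+:?\z/) }
  cells.size
end

# Widest delimiter row in the document (0 when there is no table).
def max_table_columns(markdown)
  markdown.each_line.map { |l| delimiter_row_columns(l) || 0 }.max || 0
end

# The cap can be far lower than UINT16_MAX for real documents; the default
# simply mirrors the advisory threshold.
def table_columns_safe?(markdown, limit: UINT16_MAX)
  max_table_columns(markdown) <= limit
end

# Constructed regression input in the shape the advisories describe: a header
# row followed by a marker row with `columns` cells. Feed it only to a patched
# or sandboxed build; on an unpatched one this is the heap-corruption trigger.
def build_wide_table(columns)
  header = '|' + (' h |' * columns)
  marker = '|' + (' - |' * columns)
  "#{header}\n#{marker}\n"
end

# Integration point using the 0.23-series gem API (CommonMarker.render_html).
# Rendering is skipped when the gem is not loaded so the guard runs stand-alone.
def render_guarded(markdown)
  unless table_columns_safe?(markdown)
    raise ArgumentError, "table marker row wider than #{UINT16_MAX} columns"
  end
  return nil unless defined?(CommonMarker)
  CommonMarker.render_html(markdown, :DEFAULT, [:table])
end
```

The guard is defense in depth for hosts still on an affected build: it rejects the one input shape the advisories name and nothing else, so the fixed package versions listed above remain the actual remediation. A much smaller `limit` (a few hundred columns) is reasonable for any real document.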
CVE-2022-39209 | HIGH | CVSS 7.5 | fixed in cmark-gfm 0.29.0.gfm.6-2 (bookworm) | 2022 | debian
cmark-gfm: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark
CVE-2020-5238 | MEDIUM | CVSS 6.5 | fixed in cmark-gfm 0.29.0.gfm.2-1 (bookworm) | 2020 | debian
cmark-gfm: The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1. Scope: local bo