CVE-2024-22051

Published Jan 4, 2024

Last updated 10 months ago

Overview

Description: CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.
Source: disclosure@vulncheck.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-190
disclosure@vulncheck.com: CWE-190

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:github:cmark-gfm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE338A98-B4AC-4761-B15C-8E94487F3BD7",
            "versionEndExcluding": "0.28.3.gfm.21"
          },
          {
            "criteria": "cpe:2.3:a:github:cmark-gfm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF1563A6-80D2-444D-A498-20E253181077",
            "versionEndExcluding": "0.29.0.gfm.3",
            "versionStartIncluding": "0.29.0.gfm.0"
          },
          {
            "criteria": "cpe:2.3:a:gjtorikian:commonmarker:*:*:*:*:*:ruby:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F5F9E76-CBF8-4C5B-AECB-C15FC797B04A",
            "versionEndExcluding": "0.23.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References