Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-22051

Опубликовано: 04 янв. 2024
Источник: debian
EPSS Низкий

Описание

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ruby-commonmarkerfixed0.23.4-1package
ruby-commonmarkerignoredbullseyepackage
ruby-commonmarkerno-dsabusterpackage

Примечания

  • https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x

  • https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf

  • https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3 (v0.23.4)

  • This is a specific CVE assignment for the issue covered in CVE-2022-24724

  • https://bugzilla.redhat.com/show_bug.cgi?id=2256887

EPSS

Процентиль: 91%
0.07131
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-22051

CVSS3: 9.8
ubuntu
около 2 лет назад

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

redhat логотип

CVE-2024-22051

CVSS3: 7.5
redhat
около 2 лет назад

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

nvd логотип

CVE-2024-22051

CVSS3: 9.8
nvd
около 2 лет назад

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

github логотип

GHSA-fmx4-26r3-wxpf

CVSS3: 8.8
github
почти 4 года назад

Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption

fstec логотип

BDU:2024-00321

CVSS3: 9.8
fstec
около 2 лет назад

Уязвимость библиотеки CommonMarker, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 91%
0.07131
Низкий