Описание
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.
An integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns.
Отчет
The way the commonmarker gem is used in API Management Platform, doesn't allow for any significant crossing of security boundaries.
Меры по смягчению последствий
Disabling any use of the table extension of cmark-gfm will prevent this vulnerability from being triggered.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | commonmarker | Affected |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.
CommonMarker versions prior to 0.23.4 are at risk of an integer overfl ...
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
Уязвимость библиотеки CommonMarker, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код
7.5 High
CVSS3