Duplicate Advisory: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption

GHSA-c2v4-chx5-vff6

Published Jan 4, 2024 · Modified Dec 7, 2024

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-fmx4-26r3-wxpf. This link is maintained to preserve external references.

Original Description

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

References

WEB https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
WEB https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-22051
WEB https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3
ADVISORY https://github.com/advisories/GHSA-fmx4-26r3-wxpf
WEB https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes