PT-2022-1777 · Cmark-Gfm+4

Felix Wilhelm · Published 2022-03-03 · Updated 2023-10-06 · CVE-2022-24724

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

cmark-gfm versions prior to 0.29.0.gfm.3 and 0.28.3.gfm.21

Description

The issue is an integer overflow in cmark-gfm's table row parsing, which may lead to heap memory corruption when parsing tables with more than UINT16_MAX columns. This can result in an information leak or arbitrary code execution, depending on how and where cmark-gfm is used. If cmark-gfm is used to render remote user-controlled markdown, this may lead to Remote Code Execution (RCE) in applications that use affected versions of the cmark-gfm library.

Recommendations

To resolve the issue, update to version 0.29.0.gfm.3 or 0.28.3.gfm.21, or later. As a temporary workaround, consider disabling the table extension in cmark-gfm to prevent this vulnerability from being triggered.

Exploit

Fix

RCE

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2022:5597
ALSA-2022_5597
BDU:2022-01140
CESA-2022_5597
CVE-2022-24724
GHSA-FMX4-26R3-WXPF
GHSA-MC3G-88WQ-6F4X
RHSA-2022:5597
RHSA-2022_5597
RSEC-2023-7

Affected Products

Almalinux
Centos
Debian
Red Hat
Cmark-Gfm