Vulnerability Description
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Github | Cmark-Gfm | < 0.28.3.gfm.21 |
| Fedoraproject | Fedora | 34 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/166599/cmark-gfm-Integer-overflow.htmlExploitThird Party Advisory
- https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4xThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- http://packetstormsecurity.com/files/166599/cmark-gfm-Integer-overflow.htmlExploitThird Party Advisory
- https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4xThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2022-24724?
CVE-2022-24724 is a vulnerability with a CVSS score of 8.8 (HIGH). cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:...
How severe is CVE-2022-24724?
CVE-2022-24724 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24724?
Check the references section above for vendor advisories and patch information. Affected products include: Github Cmark-Gfm, Fedoraproject Fedora.