CVE-2024-22051 — CRITICAL (9.8)

Q: How severe is CVE-2024-22051?

CVE-2024-22051 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-22051?

Check the references section above for vendor advisories and patch information. Affected products include: Github Cmark-Gfm, Gjtorikian Commonmarker.

Vulnerability Description

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Github	Cmark-Gfm	< 0.28.3.gfm.21
Gjtorikian	Commonmarker	< 0.23.4

Related Weaknesses (CWE)

CWE-190

References

https://github.com/advisories/GHSA-fmx4-26r3-wxpfThird Party Advisory
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4xNot Applicable
https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63ePatch
https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxVendor Advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpfThird Party Advisory
https://github.com/advisories/GHSA-fmx4-26r3-wxpfThird Party Advisory
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4xNot Applicable
https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63ePatch
https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxVendor Advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpfThird Party Advisory

FAQ

What is CVE-2024-22051?

CVE-2024-22051 is a vulnerability with a CVSS score of 9.8 (CRITICAL). CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, pote...

How severe is CVE-2024-22051?

CVE-2024-22051 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-22051?

Check the references section above for vendor advisories and patch information. Affected products include: Github Cmark-Gfm, Gjtorikian Commonmarker.