CVE-2022-24724

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-24724
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24724.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-24724
Aliases
  • GHSA-mc3g-88wq-6f4x
Downstream
Related
Published
2022-03-03T19:35:09Z
Modified
2025-11-14T13:03:06.920211Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Integer overflow in table parsing extension leads to heap memory corruption
Details

cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing table.c:row_from_string may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where cmark-gfm is used. If cmark-gfm is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the cmark-gfm library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.

Database specific 
{
    "cwe_ids": [
        "CWE-190"
    ]
}
References

Affected packages

Git / github.com/github/cmark-gfm

Affected ranges

Type
GIT
Repo
https://github.com/github/cmark-gfm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6fc5672293c1052e2fb7ab65a92a41495cb6426a
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.28.3.gfm.21"
        }
    ]
}
Type
GIT
Repo
https://github.com/github/cmark-gfm
Events
Introduced
b8eb2e00de094999f978e9cb02b1a78d810812d3
Fixed
cf7577d2f74289cb83de0a652afc1a8b08a37036
Database specific 
{
    "versions": [
        {
            "introduced": "0.29.0.gfm.0"
        },
        {
            "fixed": "0.29.0.gfm.3"
        }
    ]
}

Affected versions

0.*

0.27.1.gfm.2
0.27.1.gfm.3
0.27.1.gfm.4
0.28.0.gfm.10
0.28.0.gfm.11
0.28.0.gfm.5
0.28.0.gfm.6
0.28.0.gfm.7
0.28.0.gfm.8
0.28.0.gfm.9
0.28.3.gfm.12
0.28.3.gfm.13
0.28.3.gfm.14
0.28.3.gfm.15
0.28.3.gfm.16
0.28.3.gfm.17
0.28.3.gfm.18
0.28.3.gfm.19
0.28.3.gfm.20
0.29.0.gfm.0
0.29.0.gfm.1
0.29.0.gfm.2