Lucene search

Redhat.comRH:CVE-2024-22051

HistoryJan 05, 2024 - 1:02 a.m.

CVE-2024-22051

2024-01-0501:02:21

redhat.com

access.redhat.com

integer overflow

cmark-gfm

table parsing

heap memory corruption

vulnerability

mitigation

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

74.4%

JSON

An integer overflow in cmark-gfm’s table row parsing may lead to heap memory corruption when parsing tables who’s marker rows contain more than UINT16_MAX columns.

Mitigation

Disabling any use of the table extension of cmark-gfm will prevent this vulnerability from being triggered.

References

bugzilla.redhat.com/show_bug.cgi?id=2256887

github.com/advisories/GHSA-fmx4-26r3-wxpf

nvd.nist.gov/vuln/detail/CVE-2024-22051

www.cve.org/CVERecord?id=CVE-2024-22051

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

74.4%

JSON

Related for RH:CVE-2024-22051