CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 74.4%
commonmarker is vulnerable to an integer overflow. The flaw is reachable remotely and without authentication when parsing tables whose marker rows contain more than UINT16_MAX columns. This allows remote attackers to cause heap memory corruption, with impact ranging from information leak to arbitrary code execution.
github.com/advisories/GHSA-fmx4-26r3-wxpf
github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3
github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf
vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf