Integer Overflow Vulnerability in CommonMarker by Gjtorikian
CVE-2024-22051

9.8CRITICAL

Key Information:

Vendor: Github
Status
Vendor: CVE Published:; 4 January 2024

What is CVE-2024-22051?

CommonMarker versions earlier than 0.23.4 are susceptible to an integer overflow issue during the parsing of tables with excessive marker row columns exceeding the UINT16_MAX limit. This flaw can lead to heap memory corruption, heightening the risk of information disclosure or unauthorized remote code execution by attackers without authentication. The vulnerability emphasizes the need for immediate attention and patching to safeguard applications utilizing this library from potential exploitation.

References

https://github.com/github/cmark-gfm/security/advisories/G...

https://github.com/gjtorikian/commonmarker/security/advis...

vendor-advisory

https://github.com/gjtorikian/commonmarker/commit/ab4504f...

patch

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 4, 2024

Github

What is CVE-2024-22051?

References

EPSS Score

CVSS V3.1

Timeline