[DRE-maint] Bug#1006759: ruby-commonmarker: CVE-2022-24724 - integer overflow prior to 0.29.0.gfm.3 and 0.28.3.gfm.21 in cmark extension

Bastian Germann bage at debian.org
Fri Jan 6 13:13:55 GMT 2023


Control: fixed -1 0.23.4-1

On Fri, 04 Mar 2022 11:46:39 +0000 Neil Williams <codehelp at debian.org> wrote:
> CVE-2022-24724[0]:
> | cmark-gfm is GitHub's extended version of the C reference
> | implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and
> | 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing
> | `table.c:row_from_string` may lead to heap memory corruption when
> | parsing tables whose marker rows contain more than UINT16_MAX columns.
> | The impact of this heap corruption ranges from Information Leak to
> | Arbitrary Code Execution depending on how and where `cmark-gfm` is
> | used. If `cmark-gfm` is used for rendering remote user controlled
> | markdown, this vulnerability may lead to Remote Code Execution (RCE)
> | in applications employing affected versions of the `cmark-gfm`
> | library. This vulnerability has been patched in the following cmark-
> | gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is
> | available. The vulnerability exists in the table markdown extensions
> | of cmark-gfm. Disabling the table extension will prevent this
> | vulnerability from being triggered.

This should have been fixed with
https://github.com/gjtorikian/commonmarker/commit/3c2a8cce46f1aa610f47c7187e093f650d7a3eb3
which is included in 0.23.4.
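As an added illustration of the bug class the advisory describes (this is a constructed simplification, not cmark-gfm's `table.c:row_from_string` or the fix in the commit above): a table marker row is split on `|` and the cell count is kept in a 16-bit field, so a row with more than UINT16_MAX cells wraps the count; the hardened counter refuses such rows before the undersized count can reach an allocation.

```c
/* Added example, not cmark-gfm code: a simplified model of CVE-2022-24724.
 * count_cells_truncating() keeps the column count in a uint16_t, as the
 * advisory says the real parser did; count_cells_checked() is the
 * hardened form that rejects rows with more than UINT16_MAX cells. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unsafe: the 65536th cell wraps the 16-bit count back to 0, so any
 * buffer later sized from this count is far too small for the row. */
static uint16_t count_cells_truncating(const char *row)
{
    uint16_t n = 0;
    for (const char *p = row; *p; p++)
        if (*p == '|' && p[1] != '\0')   /* each '|' that opens a cell */
            n++;
    return n;
}

/* Safe: count in a wide type and refuse the row before the value can
 * exceed what the parser's 16-bit field holds. Returns -1 on rejection. */
static long count_cells_checked(const char *row)
{
    size_t n = 0;
    for (const char *p = row; *p; p++) {
        if (*p == '|' && p[1] != '\0') {
            if (n >= UINT16_MAX)
                return -1;               /* too many columns: do not parse */
            n++;
        }
    }
    return (long)n;
}

/* Constructed input: a marker row with `cols` cells, "|-" repeated then "|". */
static char *make_marker_row(size_t cols)
{
    char *row = malloc(cols * 2 + 2);
    if (!row)
        return NULL;
    for (size_t i = 0; i < cols; i++) {
        row[2 * i] = '|';
        row[2 * i + 1] = '-';
    }
    row[2 * cols] = '|';
    row[2 * cols + 1] = '\0';
    return row;
}
```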
