[Python-modules-team] Bug#1006758: python-cmarkgfm: CVE-2022-24724 - integer overflow in cmark extension prior to 0.29.0.gfm.3 and 0.28.3.gfm.21
Neil Williams
codehelp at debian.org
Fri Mar 4 11:45:14 GMT 2022
Source: python-cmarkgfm
Version: 0.4.2-1
Severity: important
Tags: security
X-Debbugs-Cc: codehelp at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for python-cmarkgfm.
https://sources.debian.org/src/python-cmarkgfm/0.4.2-1/third_party/cmark/extensions/table.c/?hl=139#L139
CVE-2022-24724[0]:
| cmark-gfm is GitHub's extended version of the C reference
| implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and
| 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing
| `table.c:row_from_string` may lead to heap memory corruption when
| parsing tables who's marker rows contain more than UINT16_MAX columns.
| The impact of this heap corruption ranges from Information Leak to
| Arbitrary Code Execution depending on how and where `cmark-gfm` is
| used. If `cmark-gfm` is used for rendering remote user controlled
| markdown, this vulnerability may lead to Remote Code Execution (RCE)
| in applications employing affected versions of the `cmark-gfm`
| library. This vulnerability has been patched in the following cmark-
| gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is
| available. The vulnerability exists in the table markdown extensions
| of cmark-gfm. Disabling the table extension will prevent this
| vulnerability from being triggered.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-24724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24724
Please adjust the affected versions in the BTS as needed.
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.16.0-1-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
More information about the Python-modules-team
mailing list