CVE-2022-24724 : cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 a

cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.

Published 2022-03-03 20:15:08

Updated 2022-04-18 18:37:56

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionExecute code

Exploit prediction scoring system (EPSS) score for CVE-2022-24724

Probability of exploitation activity in the next 30 days: 3.94%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-24724

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	GitHub, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-24724

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Assigned by: security-advisories@github.com (Primary)

References for CVE-2022-24724

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5CYUU662VO6CCXQKVZVOHXX3RGIF2DLQ/

[SECURITY] Fedora 36 Update: ghostwriter-2.1.2-1.fc36 - package-announce - Fedora Mailing-Lists
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55K6VNVKO2G5SNKRCQ2KDG5SKTX5PVV/

[SECURITY] Fedora 34 Update: ghostwriter-2.1.2-1.fc34 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJBFIJEHJZEEDG6MO4MQHZYKUXELH77O/

[SECURITY] Fedora 35 Update: ghostwriter-2.1.2-1.fc35 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
http://packetstormsecurity.com/files/166599/cmark-gfm-Integer-overflow.html

cmark-gfm Integer overflow ≈ Packet Storm
Exploit;Third Party Advisory
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x

Integer overflow in table parsing extension leads to heap memory corruption · Advisory · github/cmark-gfm · GitHub
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSKUOJ2VAYGTJXPDE2RRPMNLVVMKCI77/

[SECURITY] Fedora 36 Update: ghc-cmark-gfm-0.2.3-1.fc36 - package-announce - Fedora Mailing-Lists
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7V3HAM5H6YFJG2QFEXACZR3XVWFTXTC/

[SECURITY] Fedora 35 Update: ghc-cmark-gfm-0.2.3-1.fc35 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KH4UQA6VWVZU5EW3HNEAB7D7BTCNJSJ2/

[SECURITY] Fedora 34 Update: pandoc-citeproc-0.17.0.1-5.fc34 - package-announce - Fedora Mailing-Lists
Third Party Advisory

Products affected by CVE-2022-24724

Fedoraproject » Fedora » Version: 34
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 35
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 36
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Matching versions
Github » Cmark-gfm
Versions after (>) 0.28.3.gfm.21 and before (<) 0.29.0.gfm.3
cpe:2.3:a:github:cmark-gfm:*:*:*:*:*:*:*:*
Matching versions
Github » Cmark-gfm
Versions before (<) 0.28.3.gfm.21
cpe:2.3:a:github:cmark-gfm:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2022-24724

Exploit prediction scoring system (EPSS) score for CVE-2022-24724

CVSS scores for CVE-2022-24724

CWE ids for CVE-2022-24724

References for CVE-2022-24724

Products affected by CVE-2022-24724