Vulnerability Details : CVE-2022-24724
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.
Vulnerability category: OverflowMemory CorruptionExecute code
Exploit prediction scoring system (EPSS) score for CVE-2022-24724
Probability of exploitation activity in the next 30 days: 3.94%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-24724
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
GitHub, Inc. |
CWE ids for CVE-2022-24724
-
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Assigned by: security-advisories@github.com (Primary)
References for CVE-2022-24724
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5CYUU662VO6CCXQKVZVOHXX3RGIF2DLQ/
[SECURITY] Fedora 36 Update: ghostwriter-2.1.2-1.fc36 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55K6VNVKO2G5SNKRCQ2KDG5SKTX5PVV/
[SECURITY] Fedora 34 Update: ghostwriter-2.1.2-1.fc34 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJBFIJEHJZEEDG6MO4MQHZYKUXELH77O/
[SECURITY] Fedora 35 Update: ghostwriter-2.1.2-1.fc35 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/166599/cmark-gfm-Integer-overflow.html
cmark-gfm Integer overflow ≈ Packet StormExploit;Third Party Advisory
-
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
Integer overflow in table parsing extension leads to heap memory corruption · Advisory · github/cmark-gfm · GitHubThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSKUOJ2VAYGTJXPDE2RRPMNLVVMKCI77/
[SECURITY] Fedora 36 Update: ghc-cmark-gfm-0.2.3-1.fc36 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7V3HAM5H6YFJG2QFEXACZR3XVWFTXTC/
[SECURITY] Fedora 35 Update: ghc-cmark-gfm-0.2.3-1.fc35 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KH4UQA6VWVZU5EW3HNEAB7D7BTCNJSJ2/
[SECURITY] Fedora 34 Update: pandoc-citeproc-0.17.0.1-5.fc34 - package-announce - Fedora Mailing-ListsThird Party Advisory
Products affected by CVE-2022-24724
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:a:github:cmark-gfm:*:*:*:*:*:*:*:*
- cpe:2.3:a:github:cmark-gfm:*:*:*:*:*:*:*:*