← back
CVE-2024-22051

CommonMarker Integer Overflow Vulnerability

CVSS 9.8 CRITICALEPSS 1.5%CWE-190
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 1.5%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
04 Jan 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
commonmarker

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/advisories/GHSA-fmx4-26r3-wxpfhttps://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4xhttps://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpfhttps://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf