Vulnerability Details CVE-2015-5147
Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.openwall.com/lists/oss-security/2015/06/29/3
- http://www.openwall.com/lists/oss-security/2015/06/30/10
- http://www.securityfocus.com/bid/75508
- https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md
- http://www.openwall.com/lists/oss-security/2015/06/29/3
- http://www.openwall.com/lists/oss-security/2015/06/30/10
- http://www.securityfocus.com/bid/75508
- https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md
Products affected by CVE-2015-5147
-
cpe:2.3:a:redcarpet_project:redcarpet:1.17.2
-
cpe:2.3:a:redcarpet_project:redcarpet:2.0.0
-
cpe:2.3:a:redcarpet_project:redcarpet:2.0.1
-
cpe:2.3:a:redcarpet_project:redcarpet:2.1.0
-
cpe:2.3:a:redcarpet_project:redcarpet:2.1.1
-
cpe:2.3:a:redcarpet_project:redcarpet:2.2.0
-
cpe:2.3:a:redcarpet_project:redcarpet:2.2.1
-
cpe:2.3:a:redcarpet_project:redcarpet:2.2.2
-
cpe:2.3:a:redcarpet_project:redcarpet:2.3.0
-
cpe:2.3:a:redcarpet_project:redcarpet:3.0.0
-
cpe:2.3:a:redcarpet_project:redcarpet:3.1.0
-
cpe:2.3:a:redcarpet_project:redcarpet:3.1.1
-
cpe:2.3:a:redcarpet_project:redcarpet:3.1.2
-
cpe:2.3:a:redcarpet_project:redcarpet:3.2.0
-
cpe:2.3:a:redcarpet_project:redcarpet:3.2.1
-
cpe:2.3:a:redcarpet_project:redcarpet:3.2.2
-
cpe:2.3:a:redcarpet_project:redcarpet:3.2.3
-
cpe:2.3:a:redcarpet_project:redcarpet:3.3.0
-
cpe:2.3:a:redcarpet_project:redcarpet:3.3.1