Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2022-24724

cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 7.5
References
Products affected by CVE-2022-24724
  • Github » Cmark-Gfm » Version: N/A
    cpe:2.3:a:github:cmark-gfm:-
  • Github » Cmark-Gfm » Version: 0.27.1.gfm.0
    cpe:2.3:a:github:cmark-gfm:0.27.1.gfm.0
  • Github » Cmark-Gfm » Version: 0.27.1.gfm.1
    cpe:2.3:a:github:cmark-gfm:0.27.1.gfm.1
  • Github » Cmark-Gfm » Version: 0.27.1.gfm.2
    cpe:2.3:a:github:cmark-gfm:0.27.1.gfm.2
  • Github » Cmark-Gfm » Version: 0.27.1.gfm.3
    cpe:2.3:a:github:cmark-gfm:0.27.1.gfm.3
  • Github » Cmark-Gfm » Version: 0.27.1.gfm.4
    cpe:2.3:a:github:cmark-gfm:0.27.1.gfm.4
  • Github » Cmark-Gfm » Version: 0.28.0.gfm.10
    cpe:2.3:a:github:cmark-gfm:0.28.0.gfm.10
  • Github » Cmark-Gfm » Version: 0.28.0.gfm.11
    cpe:2.3:a:github:cmark-gfm:0.28.0.gfm.11
  • Github » Cmark-Gfm » Version: 0.28.0.gfm.5
    cpe:2.3:a:github:cmark-gfm:0.28.0.gfm.5
  • Github » Cmark-Gfm » Version: 0.28.0.gfm.6
    cpe:2.3:a:github:cmark-gfm:0.28.0.gfm.6
  • Github » Cmark-Gfm » Version: 0.28.0.gfm.7
    cpe:2.3:a:github:cmark-gfm:0.28.0.gfm.7
  • Github » Cmark-Gfm » Version: 0.28.0.gfm.8
    cpe:2.3:a:github:cmark-gfm:0.28.0.gfm.8
  • Github » Cmark-Gfm » Version: 0.28.0.gfm.9
    cpe:2.3:a:github:cmark-gfm:0.28.0.gfm.9
  • Github » Cmark-Gfm » Version: 0.28.3.gfm.12
    cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.12
  • Github » Cmark-Gfm » Version: 0.28.3.gfm.13
    cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.13
  • Github » Cmark-Gfm » Version: 0.28.3.gfm.14
    cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.14
  • Github » Cmark-Gfm » Version: 0.28.3.gfm.15
    cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.15
  • Github » Cmark-Gfm » Version: 0.28.3.gfm.16
    cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.16
  • Github » Cmark-Gfm » Version: 0.28.3.gfm.17
    cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.17
  • Github » Cmark-Gfm » Version: 0.28.3.gfm.18
    cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.18
  • Github » Cmark-Gfm » Version: 0.28.3.gfm.19
    cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.19
  • Github » Cmark-Gfm » Version: 0.28.3.gfm.20
    cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.20
  • Github » Cmark-Gfm » Version: 0.29.0.gfm.0
    cpe:2.3:a:github:cmark-gfm:0.29.0.gfm.0
  • Github » Cmark-Gfm » Version: 0.29.0.gfm.1
    cpe:2.3:a:github:cmark-gfm:0.29.0.gfm.1
  • Github » Cmark-Gfm » Version: 0.29.0.gfm.2
    cpe:2.3:a:github:cmark-gfm:0.29.0.gfm.2
  • Fedoraproject » Fedora » Version: 34
    cpe:2.3:o:fedoraproject:fedora:34
  • Fedoraproject » Fedora » Version: 35
    cpe:2.3:o:fedoraproject:fedora:35
  • Fedoraproject » Fedora » Version: 36
    cpe:2.3:o:fedoraproject:fedora:36


Products
Pricing
Contact Us

Shodan ® - All rights reserved