Vulnerability Details CVE-2024-22051
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.054
EPSS Ranking 89.6%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/advisories/GHSA-fmx4-26r3-wxpf
- https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
- https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3
- https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf
- https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf
- https://github.com/advisories/GHSA-fmx4-26r3-wxpf
- https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
- https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3
- https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf
- https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf
Products affected by CVE-2024-22051
-
cpe:2.3:a:github:cmark-gfm:-
-
cpe:2.3:a:github:cmark-gfm:0.27.1.gfm.0
-
cpe:2.3:a:github:cmark-gfm:0.27.1.gfm.1
-
cpe:2.3:a:github:cmark-gfm:0.27.1.gfm.2
-
cpe:2.3:a:github:cmark-gfm:0.27.1.gfm.3
-
cpe:2.3:a:github:cmark-gfm:0.27.1.gfm.4
-
cpe:2.3:a:github:cmark-gfm:0.28.0.gfm.10
-
cpe:2.3:a:github:cmark-gfm:0.28.0.gfm.11
-
cpe:2.3:a:github:cmark-gfm:0.28.0.gfm.5
-
cpe:2.3:a:github:cmark-gfm:0.28.0.gfm.6
-
cpe:2.3:a:github:cmark-gfm:0.28.0.gfm.7
-
cpe:2.3:a:github:cmark-gfm:0.28.0.gfm.8
-
cpe:2.3:a:github:cmark-gfm:0.28.0.gfm.9
-
cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.12
-
cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.13
-
cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.14
-
cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.15
-
cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.16
-
cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.17
-
cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.18
-
cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.19
-
cpe:2.3:a:github:cmark-gfm:0.28.3.gfm.20
-
cpe:2.3:a:github:cmark-gfm:0.29.0.gfm.0
-
cpe:2.3:a:github:cmark-gfm:0.29.0.gfm.1
-
cpe:2.3:a:github:cmark-gfm:0.29.0.gfm.2
-
cpe:2.3:a:gjtorikian:commonmarker:0.0.1
-
cpe:2.3:a:gjtorikian:commonmarker:0.1.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.1.1
-
cpe:2.3:a:gjtorikian:commonmarker:0.1.2
-
cpe:2.3:a:gjtorikian:commonmarker:0.1.3
-
cpe:2.3:a:gjtorikian:commonmarker:0.10.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.11.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.12.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.13.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.1
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.10
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.11
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.12
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.13
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.14
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.15
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.16
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.2
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.3
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.4
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.5
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.6
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.7
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.8
-
cpe:2.3:a:gjtorikian:commonmarker:0.14.9
-
cpe:2.3:a:gjtorikian:commonmarker:0.15.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.16.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.16.1
-
cpe:2.3:a:gjtorikian:commonmarker:0.16.2
-
cpe:2.3:a:gjtorikian:commonmarker:0.16.3
-
cpe:2.3:a:gjtorikian:commonmarker:0.16.4
-
cpe:2.3:a:gjtorikian:commonmarker:0.16.5
-
cpe:2.3:a:gjtorikian:commonmarker:0.16.6
-
cpe:2.3:a:gjtorikian:commonmarker:0.16.7
-
cpe:2.3:a:gjtorikian:commonmarker:0.16.8
-
cpe:2.3:a:gjtorikian:commonmarker:0.16.9
-
cpe:2.3:a:gjtorikian:commonmarker:0.17.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.17.1
-
cpe:2.3:a:gjtorikian:commonmarker:0.17.10
-
cpe:2.3:a:gjtorikian:commonmarker:0.17.11
-
cpe:2.3:a:gjtorikian:commonmarker:0.17.12
-
cpe:2.3:a:gjtorikian:commonmarker:0.17.13
-
cpe:2.3:a:gjtorikian:commonmarker:0.17.14
-
cpe:2.3:a:gjtorikian:commonmarker:0.17.2
-
cpe:2.3:a:gjtorikian:commonmarker:0.17.3
-
cpe:2.3:a:gjtorikian:commonmarker:0.17.4
-
cpe:2.3:a:gjtorikian:commonmarker:0.17.5
-
cpe:2.3:a:gjtorikian:commonmarker:0.17.6
-
cpe:2.3:a:gjtorikian:commonmarker:0.17.7
-
cpe:2.3:a:gjtorikian:commonmarker:0.17.7.1
-
cpe:2.3:a:gjtorikian:commonmarker:0.17.8
-
cpe:2.3:a:gjtorikian:commonmarker:0.17.9
-
cpe:2.3:a:gjtorikian:commonmarker:0.18.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.18.1
-
cpe:2.3:a:gjtorikian:commonmarker:0.18.2
-
cpe:2.3:a:gjtorikian:commonmarker:0.18.3
-
cpe:2.3:a:gjtorikian:commonmarker:0.19.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.2.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.2.1
-
cpe:2.3:a:gjtorikian:commonmarker:0.20.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.20.1
-
cpe:2.3:a:gjtorikian:commonmarker:0.20.2
-
cpe:2.3:a:gjtorikian:commonmarker:0.21.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.21.1
-
cpe:2.3:a:gjtorikian:commonmarker:0.21.2
-
cpe:2.3:a:gjtorikian:commonmarker:0.22.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.23.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.23.1
-
cpe:2.3:a:gjtorikian:commonmarker:0.23.2
-
cpe:2.3:a:gjtorikian:commonmarker:0.3.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.4.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.4.1
-
cpe:2.3:a:gjtorikian:commonmarker:0.5.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.5.1
-
cpe:2.3:a:gjtorikian:commonmarker:0.6.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.7.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.8.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.9.0
-
cpe:2.3:a:gjtorikian:commonmarker:0.9.1
-
cpe:2.3:a:gjtorikian:commonmarker:0.9.2