commonmarker 0.9.1
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
high severity GHSA-fmx4-26r3-wxpf>= 0.23.4
Impact
CommonMarker uses cmark-gfm
for rendering Github Flavored Markdown.
An integer overflow in cmark-gfm
's table row parsing
may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX
columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution.
If affected versions of CommonMarker are used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE).
Patches
This vulnerability has been patched in the following CommonMarker release:
- v0.23.4
Workarounds
The vulnerability exists in the table markdown extensions of cmark-gfm
. Disabling any use of the
table extension will prevent this vulnerability from being triggered.
Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service
high severity GHSA-48wp-p9qv-4j64>= 0.23.9
Impact
Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service.
The following vulnerabilities were addressed:
- CVE-2023-24824
- CVE-2023-26485
For more information, consult the release notes for versions 0.23.0.gfm.10 and 0.23.0.gfm.11.
Mitigation
Users are advised to upgrade to commonmarker version 0.23.9
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
high severity CVE-2024-22051>= 0.23.4
Impact
CommonMarker uses cmark-gfm
for rendering
Github Flavored Markdown.
An integer overflow in cmark-gfm
's table row parsing
may lead to heap memory corruption when parsing tables who's marker
rows contain more than UINT16_MAX columns. The impact of this heap
corruption ranges from Information Leak to Arbitrary Code Execution.
If affected versions of CommonMarker are used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE).
Patches
This vulnerability has been patched in the following CommonMarker release:
- v0.23.4
Workarounds
The vulnerability exists in the table markdown extensions of
cmark-gfm
. Disabling any use of the table extension will prevent
this vulnerability from being triggered.
References
Acknowledgements
We would like to thank Felix Wilhelm of Google's Project Zero for reporting this vulnerability
For more information
If you have any questions or comments about this advisory:
- Open an issue in CommonMarker
Several quadratic complexity bugs may lead to denial of service in Commonmarker
medium severity GHSA-7vh7-fw88-wj87>= 0.23.10
Impact
Several quadratic complexity bugs in commonmarker's underlying
cmark-gfm
library may
lead to unbounded resource exhaustion and subsequent denial of service.
The following vulnerabilities were addressed:
For more information, consult the release notes for version
0.29.0.gfm.12
.
Mitigation
Users are advised to upgrade to commonmarker version
0.23.10
.
Several quadratic complexity bugs may lead to denial of service in Commonmarker
medium severity GHSA-636f-xm5j-pj9m>= 0.23.7
Impact
Several quadratic complexity bugs in commonmarker's underlying cmark-gfm
library may lead to unbounded resource exhaustion and subsequent denial of service.
The following vulnerabilities were addressed:
For more information, consult the release notes for version
0.23.0.gfm.7
.
Mitigation
Users are advised to upgrade to commonmarker version 0.23.7
.
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
medium severity GHSA-4qw4-jpp4-8gvp>= 0.23.6
Impact
CommonMarker uses cmark-gfm
for rendering Github Flavored
Markdown. A polynomial time complexity issue
in cmark-gfm's autolink extension may lead to unbounded resource exhaustion
and subsequent denial of service.
Patches
This vulnerability has been patched in the following CommonMarker release:
- v0.23.6
Workarounds
Disable use of the autolink extension.
References
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.