Bugzilla – Bug 1196742
VUL-0: CVE-2022-24724: ghc-cmark-gfm: possible RCE due to integer overflow
Last modified: 2022-03-04 14:46:12 UTC
rh#2060662 ----------------------------------- Only might affecting: SUSE:Factory:Head/ghc-cmark-gfm It looks like our current version 0.2.2 is quite behind the official upstream release 0.29.0.gfm.3. So it is a bit unsure if the old version is actually affected or not. ----------------------------------- cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered. https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x References: https://bugzilla.redhat.com/show_bug.cgi?id=2060662 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24724 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24724 https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x