Lucene search

[email protected]NVD:CVE-2023-22485

HistoryJan 24, 2023 - 1:15 a.m.

CVE-2023-22485

2023-01-2401:15:10

CWE-91

CWE-125

[email protected]

web.nvd.nist.gov

cmark-gfm

out-of-bounds read

vulnerability

patched

0.29.0.gfm.7

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

39.9%

JSON

cmark-gfm is GitHub’s fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the validate_protocol function. We believe this bug is harmless in practice, because the out-of-bounds read accesses malloc metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7.

Affected configurations

Nvd

Node

githubcmark-gfmRange<0.29.0.gfm.7

VendorProductVersionCPE
githubcmark-gfm*cpe:2.3:a:github:cmark-gfm:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
github	cmark-gfm	*	cpe:2.3:a:github:cmark-gfm::::::::

References

github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

39.9%

JSON

Related for NVD:CVE-2023-22485

ubuntucve1 cve1 osv3 cvelist1 prion1 debiancve1 github1