Lucene search

Ubuntu.comUB:CVE-2024-22051

HistoryJan 04, 2024 - 12:00 a.m.

CVE-2024-22051

2024-01-0400:00:00

ubuntu.com

commonmarker vulnerability

remote code execution

integer overflow

information leak

remote attackers

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.1%

JSON

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow
vulnerability. This vulnerability can result in possibly unauthenticated
remote attackers to cause heap memory corruption, potentially leading to an
information leak or remote code execution, via parsing tables with marker
rows that contain more than UINT16_MAX columns.

Notes

Author	Note
rodrigo-zaiden	seems like it is the same as CVE-2022-24724, but for ruby-commonmarker.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchruby-commonmarker< anyUNKNOWN
ubuntu22.04noarchruby-commonmarker< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	ruby-commonmarker	< any	UNKNOWN
ubuntu	22.04	noarch	ruby-commonmarker	< any	UNKNOWN

References

bugzilla.redhat.com/show_bug.cgi?id=2256887

github.com/advisories/GHSA-fmx4-26r3-wxpf

github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x

github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3

github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3 (v0.23.4)

github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf

launchpad.net/bugs/cve/CVE-2024-22051

nvd.nist.gov/vuln/detail/CVE-2024-22051

security-tracker.debian.org/tracker/CVE-2024-22051

vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf

www.cve.org/CVERecord?id=CVE-2024-22051

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.1%

JSON

Related for UB:CVE-2024-22051