cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7.
References
Link | Resource |
---|---|
https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr | Exploit Third Party Advisory |
Configurations
History
02 Feb 2023, 14:11
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr - Exploit, Third Party Advisory | |
CWE | CWE-91 | |
CPE | cpe:2.3:a:github:cmark-gfm:*:*:*:*:*:*:*:* | |
First Time |
Github cmark-gfm
Github |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
24 Jan 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-24 01:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-22485
Mitre link : CVE-2023-22485
CVE.ORG link : CVE-2023-22485
JSON object : View
Products Affected
github
- cmark-gfm