| Name | CVE-2024-22051 |
| Description | CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| ruby-commonmarker (PTS) | buster | 0.17.9-1 | vulnerable |
| bullseye | 0.21.0-1 | vulnerable | |
| bookworm | 0.23.6-1 | fixed | |
| trixie, sid | 0.23.10-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ruby-commonmarker | source | (unstable) | 0.23.4-1 |
[bullseye] - ruby-commonmarker <no-dsa> (Minor issue)
[buster] - ruby-commonmarker <no-dsa> (Minor issue)
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf
https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3 (v0.23.4)
This is a specific CVE assignment for the issue covered in CVE-2022-24724
https://bugzilla.redhat.com/show_bug.cgi?id=2256887