Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2024-22051

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 year ago

CommonMarker Integer Overflow Vulnerability

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

References

https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x x_transferredrelated
https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-w… vendor-advisoryx_transferred
https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63… x_transferredpatch
https://github.com/advisories/GHSA-fmx4-26r3-wxpf x_transferredthird-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf x_transferredthird-party-advisory

Affected products

commonmarker

<0.23.4

Matching in nixpkgs

pkgs.rubyPackages.commonmarker

None

nixos-unstable 0.23.10
- nixos-unstable-small 0.23.10

pkgs.rubyPackages_3_1.commonmarker

None

nixos-unstable 0.23.10
- nixpkgs-unstable 0.23.10
- nixos-unstable-small 0.23.10

pkgs.rubyPackages_3_2.commonmarker

None

nixos-unstable 0.23.10
- nixpkgs-unstable 0.23.10
- nixos-unstable-small 0.23.10

pkgs.rubyPackages_3_3.commonmarker

None

nixos-unstable 0.23.10
- nixpkgs-unstable 0.23.10
- nixos-unstable-small 0.23.10

pkgs.rubyPackages_3_4.commonmarker

None

nixos-unstable 0.23.10
- nixpkgs-unstable 0.23.10
- nixos-unstable-small 0.23.10