r-lib / commonmark

High Performance CommonMark and Github Markdown Rendering in R
https://docs.ropensci.org/commonmark/

CVE-2022-24724 - integer overflow prior to 0.29.0.gfm.3 and 0.28.3.gfm.21 (cmark extension) #17

Closed tillea closed 2 years ago

tillea commented 2 years ago

The following vulnerability was published for commonmark:

CVE-2022-24724 cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing table.c:row_from_string may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where cmark-gfm is used. If cmark-gfm is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the cmark-gfm library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.

Further information

Kind regards, Andreas.
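As an added illustration (not code from commonmark or cmark-gfm, and not the project's actual patch), the C snippet below models the class of bug the CVE describes: a 16-bit column counter silently wraps on a marker row with more than UINT16_MAX cells, so the count a parser would use for allocation no longer matches the cells it later writes, while a checked variant counts in size_t and refuses such a row. The row format, the function names and the "reject the row" policy are simplified assumptions for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: a marker row is "|-|-|...|", one '-' per cell between pipes.
 * This is a toy model of table row parsing, not cmark-gfm's table.c. */

/* Vulnerable pattern: the cell count lives in a uint16_t and wraps modulo
 * 65536, so 65537 cells are reported as 1. A parser that sizes a buffer
 * from this value and then fills it from the real row overruns the heap. */
uint16_t count_cells_u16(const char *row) {
    uint16_t n = 0;
    for (const char *p = row; *p; p++) {
        if (*p == '|' && p[1] != '\0') n++;  /* each non-trailing '|' opens a cell */
    }
    return n;
}

/* Hardened pattern: count in a wide type and refuse rows that exceed the
 * 16-bit limit instead of letting the counter wrap. Returns 0 on success,
 * -1 when the row has more than UINT16_MAX cells. */
int count_cells_checked(const char *row, size_t *out) {
    size_t n = 0;
    for (const char *p = row; *p; p++) {
        if (*p == '|' && p[1] != '\0') n++;
    }
    if (n > UINT16_MAX) return -1;
    *out = n;
    return 0;
}

/* Constructed test input: build a marker row with `cols` cells. */
char *make_marker_row(size_t cols) {
    char *s = malloc(2 * cols + 2);
    if (!s) return NULL;
    for (size_t i = 0; i < cols; i++) { s[2 * i] = '|'; s[2 * i + 1] = '-'; }
    s[2 * cols] = '|';
    s[2 * cols + 1] = '\0';
    return s;
}

int main(void) {
    char *row = make_marker_row((size_t)UINT16_MAX + 2);  /* 65537 cells */
    size_t real = 0;
    int rc = count_cells_checked(row, &real);
    printf("u16 count = %u, checked rc = %d\n", count_cells_u16(row), rc);
    free(row);
    return 0;
}
```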

tillea commented 2 years ago

On Wed, Mar 09, 2022 at 06:19:44AM -0800, Jeroen Ooms wrote:

Closed #17 via #18.

Thanks a lot. Do you plan to release a new upstream version of commonmark soon? This would simplify fixing the bugs inside the Debian package. Kind regards, Andreas.

jeroen commented 2 years ago

I've submitted it to CRAN. If there are no problems with the reverse dependencies it should be up later today.