Published: 24/01/2023 Updated: 02/02/2023

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7.

Vulnerable Product	Search on Vulmon	Subscribe to Product
github cmark-gfm

Debian Bug report logs - #1033110 cmark-gfm: CVE-2023-22483 CVE-2023-22484 CVE-2023-22485 CVE-2023-22486 Package: src:cmark-gfm; Maintainer for src:cmark-gfm is Keith Packard <keithp@keithpcom>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 17 Mar 2023 13:54:04 UTC Severity: important Tags: security, u ...

CVE-2023-22485 cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C In versions prior 0290gfm7, a crafted markdown document can trigger an out-of-bounds read in the validate_protocol function We believe this bug is harmless in practice, because the out-of-bounds read accesses malloc metadata without causing any visible dama

CWE-91 https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr https://github.com/Live-Hack-CVE/CVE-2023-22485 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033110

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-22485

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect