CVE-2024-22051: CommonMarker Integer Overflow Vulnerability

Description

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

Classification

CVE ID: CVE-2024-22051

Problem Types

CWE-190 Integer Overflow or Wraparound

Affected Products

Vendor:

Product:

Exploit Prediction Scoring System (EPSS)

EPSS Score: 5.38% (probability of being exploited)

EPSS Percentile: 89.55% (scored less or equal to compared to others)

EPSS Date: 2025-05-11 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-22051
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf
https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3
https://github.com/advisories/GHSA-fmx4-26r3-wxpf
https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf

Timeline

2025-04-17 19:40:18 UTC
CVE

CommonMarker Integer Overflow Vulnerability