COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-22051

CVE-2024-22051

Severity
critical
Source
NVD · cve
Published
2024-01-04
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-22051

Players implicated

GitHub · vendorgjtorikian · vendorcmark-gfm · productcommonmarker · product

Description

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

Affected FedRAMP products 1 in the catalog

ProductProviderStatusMatch
GitHub Enterprise Cloud GitHub Authorized vendor-exact · 0.90