{
  "threat_severity" : "Important",
  "public_date" : "2024-01-04T00:00:00Z",
  "bugzilla" : {
    "description" : "commonmarker: integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption",
    "id" : "2256887",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2256887"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-190",
  "details" : [ "CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can allow possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.", "An integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns." ],
  "statement" : "The way the commonmarker gem is used in API Management Platform does not allow for any significant crossing of security boundaries.",
  "package_state" : [ {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Affected",
    "package_name" : "commonmarker",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-22051\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-22051\nhttps://github.com/advisories/GHSA-fmx4-26r3-wxpf" ],
  "name" : "CVE-2024-22051",
  "mitigation" : {
    "value" : "Disabling any use of the table extension of cmark-gfm will prevent this vulnerability from being triggered.",
    "lang" : "en:us"
  },
  "csaw" : false
}