CVE-2024-22051
📋 TL;DR
CommonMarker versions before 0.23.4 have an integer overflow vulnerability when parsing markdown tables with more than 65,535 columns. This allows unauthenticated remote attackers to cause heap memory corruption, potentially leading to information disclosure or remote code execution. Any application using vulnerable CommonMarker versions to parse untrusted markdown content is affected.
💻 Affected Systems
- CommonMarker
- cmark-gfm (GitHub Flavored Markdown parser)
📦 What is this software?
Cmark Gfm by Github
Commonmarker by Gjtorikian
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise
Likely Case
Denial of service through application crashes or information disclosure via memory corruption
If Mitigated
Limited impact if input validation prevents parsing of malicious tables
🎯 Exploit Status
Exploitation requires crafting malicious markdown tables with excessive columns. No public exploit code identified at advisory publication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: CommonMarker 0.23.4
Vendor Advisory: https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf
Restart Required: Yes
Instructions:
1. Update CommonMarker gem: 'gem update commonmarker'
2. Verify version >= 0.23.4
3. Restart any services using CommonMarker
4. Test markdown parsing functionality
🔧 Temporary Workarounds
Input validation for markdown tables
Validate or sanitize markdown input to reject tables with excessive columns before parsing
Disable table parsing
Configure CommonMarker to disable table parsing if not required
🧯 If You Can't Patch
- Implement strict input validation to reject markdown with tables containing >65535 columns
- Isolate CommonMarker parsing to sandboxed environments with limited privileges
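One way to implement the column-count check named in the workaround and in the list above, as an added example (not code from CommonMarker or the advisory). The method names, the exception class and both limits are assumptions; it over-counts on purpose so that it fails closed.

```ruby
# Added example: pre-parse guard for untrusted markdown (not CommonMarker code).
# Assumed policy values; tune them to what the application legitimately needs.
MAX_TABLE_COLUMNS  = 1_000       # far below the 65,535-column threshold
MAX_MARKDOWN_BYTES = 1_048_576   # 1 MiB cap on a single document

class MarkdownRejected < StandardError; end

# Returns [line_number, upper_bound] for the line that could hold the most cells.
# A GFM table row sits on one line and its cells are separated by pipes, so a
# row with N cells needs at least N - 1 pipe bytes. Counting every pipe
# (escaped ones and ones inside code spans too) can only over-estimate.
def widest_pipe_line(markdown)
  widest = [0, 0]
  # Work on bytes so invalid UTF-8 cannot raise; split on CRLF, LF or CR.
  markdown.b.split(/\r\n|\n|\r/).each_with_index do |line, idx|
    next unless line.include?('|')
    bound = line.count('|') + 1
    widest = [idx + 1, bound] if bound > widest[1]
  end
  widest
end

# Raises MarkdownRejected if the input is oversized or any line could hold
# more than max_columns cells; otherwise returns the input unchanged.
def guard_markdown!(markdown, max_columns: MAX_TABLE_COLUMNS,
                    max_bytes: MAX_MARKDOWN_BYTES)
  if markdown.bytesize > max_bytes
    raise MarkdownRejected, "input is #{markdown.bytesize} bytes (limit #{max_bytes})"
  end
  line_no, bound = widest_pipe_line(markdown)
  if bound > max_columns
    raise MarkdownRejected,
          "line #{line_no} could hold #{bound} table cells (limit #{max_columns})"
  end
  markdown
end

if __FILE__ == $PROGRAM_NAME
  ok   = "| a | b |\n|---|---|\n| 1 | 2 |\n"       # constructed sample
  wide = "intro\n" + ("|x" * 70_000) + "|\n"        # constructed sample
  puts "accepted #{guard_markdown!(ok).lines.length} lines"
  begin
    guard_markdown!(wide)
  rescue MarkdownRejected => e
    puts "rejected: #{e.message}"
  end
end
```

Call `guard_markdown!` on the raw input before it reaches the parser; because it looks at raw lines rather than parsed structure, it also covers rows nested inside blockquotes or list items.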
🔍 How to Verify
Check if Vulnerable:
Check CommonMarker version: 'gem list commonmarker' or examine Gemfile.lock for version < 0.23.4
Check Version:
ruby -e "require 'commonmarker'; puts CommonMarker::VERSION"
Verify Fix Applied:
Confirm CommonMarker version >= 0.23.4 and test parsing of markdown tables
📡 Detection & Monitoring
Log Indicators:
- Application crashes during markdown parsing
- Memory allocation errors in logs
- Unusual markdown parsing failures
Network Indicators:
- Incoming markdown content with extremely large tables
- Unusually large markdown payloads
SIEM Query:
source="application.log" AND ("commonmarker" OR "markdown parse") AND ("crash" OR "segfault" OR "memory error")
🔗 References
- https://github.com/advisories/GHSA-fmx4-26r3-wxpf
- https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
- https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3
- https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf
- https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf