oss-sec mailing list archives
CVE request: Stack overflow in redcarpet's header_anchor
From: Giancarlo Canales <gcanalesb () me com>
Date: Mon, 29 Jun 2015 12:52:13 -0400
After examining the redcarpet source code, I noticed that header_anchor uses variable length arrays (VLA) without any range checking. This is conducive to a stack overflow, followed by the potential for arbitrary code execution.

Redcarpet is a Markdown parser library. I'm requesting a CVE number for this vulnerability.

Title: Stack overflow in redcarpet's header_anchor
Products: redcarpet
Affects: v3.3.0 - v3.3.1
Type: Stack overflow
First CVE request: Yes
Fixed: Yes, v3.3.2
Fix: https://github.com/vmg/redcarpet/commit/2cee777c1e5babe8a1e2683d31ea75cc4afe55fb
Changelog: https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md

Thanks,
Giancarlo Canales Barreto
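The bug class named in the report above, as an added example that is not part of the original post and is not redcarpet's code: a variable length array sized by the input with no bound, beside a length-checked heap version. The names `slugify`, `anchor_vla`, `anchor_checked` and the `MAX_HEADING` cap are hypothetical, and the sample heading is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_HEADING 4096 /* assumed cap for this example, not a redcarpet value */

/* Lowercase alphanumerics; collapse any other run of bytes into one '-'. */
static size_t slugify(const char *src, size_t len, char *dst) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (isalnum(c))
            dst[n++] = (char)tolower(c);
        else if (n > 0 && dst[n - 1] != '-')
            dst[n++] = '-';
    }
    if (n > 0 && dst[n - 1] == '-') n--; /* trim trailing separator */
    dst[n] = '\0';
    return n;
}

/* Risky pattern: stack array sized by the input length, with no upper bound. */
char *anchor_vla(const char *text, size_t len) {
    char tmp[len + 1]; /* frame size is whatever the document's heading dictates */
    size_t n = slugify(text, len, tmp);
    char *out = malloc(n + 1);
    if (out != NULL)
        memcpy(out, tmp, n + 1);
    return out;
}

/* Hardened form: bound the length first, then work in checked heap memory. */
char *anchor_checked(const char *text, size_t len) {
    if (text == NULL || len > MAX_HEADING)
        return NULL;
    char *out = malloc(len + 1);
    if (out != NULL)
        slugify(text, len, out);
    return out; /* caller frees */
}

int main(void) {
    const char *h = "Constructed Sample Heading!";
    char *a = anchor_checked(h, strlen(h));
    printf("%s\n", a ? a : "(rejected)");
    free(a);
    return 0;
}
```

Compiling with `-Wvla` (GCC and Clang) flags every variable length array, which is a quick way to audit a C code base for this pattern.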