Date: Mon, 29 Jun 2015 12:52:13 -0400
From: Giancarlo Canales <>
To: "" <>
Cc: "" <>
Subject: CVE request: Stack overflow in redcarpet's header_anchor

After examining the redcarpet source code, I noticed that header_anchor uses variable length arrays (VLA) without any range checking.

This is conducive to a stack overflow, followed by the potential for arbitrary code execution.

Redcarpet is a Markdown parser library.

I'm requesting a CVE number for this vulnerability.

Title: Stack overflow in redcarpet's header_anchor
Products: redcarpet
Affects: v3.3.0 - v3.3.1
Type: Stack overflow
First CVE request: Yes
Fixed: Yes, v3.3.2




Giancarlo Canales Barreto
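
The bug class named in the report, shown as an added example that is not part of the original message and is not redcarpet's code: an anchor builder whose scratch buffer is a VLA sized by the input, beside a version that bounds the length and allocates on the heap. The function names, the slug rules and MAX_HEADER_LEN are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define MAX_HEADER_LEN 1024  /* assumed cap for this example, not a redcarpet constant */

/* Lowercase alphanumerics; collapse runs of other bytes into one '-'. */
static size_t slugify(const char *text, size_t size, char *buf)
{
    size_t n = 0;
    for (size_t i = 0; i < size; i++) {
        unsigned char c = (unsigned char)text[i];
        if (isalnum(c))
            buf[n++] = (char)tolower(c);
        else if (n > 0 && buf[n - 1] != '-')
            buf[n++] = '-';
    }
    while (n > 0 && buf[n - 1] == '-')
        n--;                           /* drop a trailing separator */
    buf[n] = '\0';
    return n;
}

/* Unsafe pattern: the stack frame grows with the input length, unchecked. */
long anchor_vla(const char *text, size_t size, char *out, size_t out_cap)
{
    char buf[size + 1];                /* VLA sized by untrusted input */
    size_t n = slugify(text, size, buf);
    if (n + 1 > out_cap)
        return -1;
    memcpy(out, buf, n + 1);
    return (long)n;
}

/* Bounded pattern: reject oversized headers, keep the scratch buffer off the stack. */
long anchor_bounded(const char *text, size_t size, char *out, size_t out_cap)
{
    if (size > MAX_HEADER_LEN)
        return -1;                     /* range check before any allocation */
    char *buf = malloc(size + 1);
    if (buf == NULL)
        return -1;
    size_t n = slugify(text, size, buf);
    long rc = -1;
    if (n + 1 <= out_cap) {
        memcpy(out, buf, n + 1);
        rc = (long)n;
    }
    free(buf);
    return rc;
}
```

Building with GCC's or Clang's -Wvla flags declarations like the one in anchor_vla at compile time.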
