Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 29 Jun 2015 12:52:13 -0400
From: Giancarlo Canales <gcanalesb@...com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Cc: "cve-assign@...re.org" <cve-assign@...re.org>
Subject: CVE request: Stack overflow in redcarpet's header_anchor

After examining the redcarpet source code, I noticed that header_anchor uses variable length arrays (VLA) without any range checking.

This is conducive to a stack overflow, followed by the potential for arbitrary code execution.

Redcarpet is a Markdown parser library.

I'm requesting a CVE number for this vulnerability.

Title: Stack overflow in redcarpet's header_anchor
Products: redcarpet
Affects: v3.3.0 - v3.3.1
Type: Stack overflow
First CVE request: Yes
Fixed: Yes, v3.3.2

Fix:
https://github.com/vmg/redcarpet/commit/2cee777c1e5babe8a1e2683d31ea75cc4afe55fb

Changelog:
https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md

Thanks, 

Giancarlo Canales Barreto

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ