Message-id: <1E5ABE12-1C64-492D-AEA4-FAC8EE1B2151@me.com>
Date: Mon, 29 Jun 2015 12:52:13 -0400
From: Giancarlo Canales <gcanalesb@...com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Cc: "cve-assign@...re.org" <cve-assign@...re.org>
Subject: CVE request: Stack overflow in redcarpet's header_anchor

After examining the redcarpet source code, I noticed that header_anchor uses variable length arrays (VLA) without any range checking. This is conducive to a stack overflow, followed by the potential for arbitrary code execution. Redcarpet is a Markdown parser library. I'm requesting a CVE number for this vulnerability.

Title: Stack overflow in redcarpet's header_anchor
Products: redcarpet
Affects: v3.3.0 - v3.3.1
Type: Stack overflow
First CVE request: Yes
Fixed: Yes, v3.3.2
Fix: https://github.com/vmg/redcarpet/commit/2cee777c1e5babe8a1e2683d31ea75cc4afe55fb
Changelog: https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md

Thanks,
Giancarlo Canales Barreto
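The weak pattern the request describes is a stack array whose length is taken from the heading text, so an over-long heading decides how much stack is consumed. Below is an added illustration, not redcarpet's own code, of an anchor builder written the other way round: the input length is checked against a cap first and the scratch buffer lives on the heap. The function name, the MAX_ANCHOR_INPUT cap and the stripped-character set are assumptions for the example.

```c
/* Constructed example (not redcarpet's code): build a header anchor slug
 * without a stack VLA sized by untrusted input.
 *
 * The risky shape the CVE request points at is
 *     char tmp[size];   // VLA: size comes straight from the heading
 * A heading long enough to exceed the stack corrupts it. Here the size is
 * bounded up front and the buffer is heap-allocated instead. */
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound on the heading length we are willing to slugify. */
#define MAX_ANCHOR_INPUT 4096

/* Characters dropped from anchors (set chosen for the example). */
static const char STRIPPED[] = " -&+$,/:;=?@\"#{}|^~[]`\\*()%.!'";

/* Returns a malloc'd NUL-terminated slug, or NULL for NULL/over-long input.
 * Runs of stripped characters collapse to one '-' between words, letters
 * are lowercased, and leading/trailing separators are dropped. */
char *header_anchor(const uint8_t *title, size_t size)
{
    if (title == NULL || size > MAX_ANCHOR_INPUT)
        return NULL;                        /* refuse before touching memory */

    /* Each input byte yields at most one output byte: size + 1 is enough. */
    char *out = malloc(size + 1);
    if (out == NULL)
        return NULL;

    size_t n = 0;
    int pending_dash = 0;
    for (size_t i = 0; i < size; i++) {
        uint8_t c = title[i];
        if (c == '\0' || strchr(STRIPPED, (char)c) != NULL) {
            if (n > 0)
                pending_dash = 1;           /* separator emitted lazily */
            continue;
        }
        if (pending_dash) {
            out[n++] = '-';
            pending_dash = 0;
        }
        out[n++] = (char)tolower(c);
    }
    out[n] = '\0';                          /* trailing separator never emitted */
    return out;
}
```

The caller frees the returned slug; a NULL result for an over-long heading is the bound doing its job rather than an error to paper over.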