CVE-2023-22485 - Vulnerability Details - OpenCVE

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Github	Cmark-gfm

Configuration 1 [-]

cpe:2.3:a:github:cmark-gfm:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr

History

Mon, 10 Mar 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-01-24T00:26:57.671Z

Updated: 2025-03-10T21:20:51.304Z

Reserved: 2022-12-29T17:41:28.088Z

Link: CVE-2023-22485

Vulnrichment

Updated: 2024-08-02T10:13:48.514Z

NVD

Status : Modified

Published: 2023-01-24T01:15:10.593

Modified: 2024-11-21T07:44:54.113

Link: CVE-2023-22485

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22485", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2022-12-29T17:41:28.088Z", "datePublished": "2023-01-24T00:26:57.671Z", "dateUpdated": "2025-03-10T21:20:51.304Z"}, "containers": {"cna": {"title": "cmark-gfm out-of-bounds read in validate_protocol", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr"}], "affected": [{"vendor": "github", "product": "cmark-gfm", "versions": [{"version": "< 0.29.0.gfm.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-01-24T00:26:57.671Z"}, "descriptions": [{"lang": "en", "value": "cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7."}], "source": {"advisory": "GHSA-c944-cv5f-hpvr", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:13:48.514Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-10T21:02:09.252840Z", "id": "CVE-2023-22485", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T21:20:51.304Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr", "name": "https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:13:48.514Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-22485", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T21:02:09.252840Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T21:02:10.472Z"}}], "cna": {"title": "cmark-gfm out-of-bounds read in validate_protocol", "source": {"advisory": "GHSA-c944-cv5f-hpvr", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "github", "product": "cmark-gfm", "versions": [{"status": "affected", "version": "< 0.29.0.gfm.7"}]}], "references": [{"url": "https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr", "name": "https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-01-24T00:26:57.671Z"}}}, "cveMetadata": {"cveId": "CVE-2023-22485", "state": "PUBLISHED", "dateUpdated": "2025-03-10T21:20:51.304Z", "dateReserved": "2022-12-29T17:41:28.088Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-01-24T00:26:57.671Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:github:cmark-gfm:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEFD0856-0CFF-4D0F-B9D5-02F4A537C5CE", "versionEndExcluding": "0.29.0.gfm.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7."}, {"lang": "es", "value": "cmmark-gfm es la bifurcaci\u00f3n de GitHub de cmark, una librer\u00eda y programa de an\u00e1lisis y representaci\u00f3n de CommonMark en C. En versiones anteriores a la 0.29.0.gfm.7, un documento de rebajas manipulado puede desencadenar una lectura fuera de los l\u00edmites en la funci\u00f3n `validate_protocol` . Creemos que este error es inofensivo en la pr\u00e1ctica, porque la lectura fuera de los l\u00edmites accede a los metadatos \"malloc\" sin causar ning\u00fan da\u00f1o visible. Esta vulnerabilidad ha sido parcheada en 0.29.0.gfm.7."}], "id": "CVE-2023-22485", "lastModified": "2024-11-21T07:44:54.113", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-24T01:15:10.593", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-91"}], "source": "nvd@nist.gov", "type": "Primary"}]}