redcarpet Buffer Overflow vulnerability

High severity · GitHub Reviewed · Published Aug 15, 2018 to the GitHub Advisory Database · Updated Mar 30, 2023

Package

bundler redcarpet (RubyGems)

Affected versions

>= 3.3.0, < 3.3.2

Patched versions

3.3.2

Description

Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

References

Published to the GitHub Advisory Database Aug 15, 2018
Reviewed Jun 16, 2020
Last updated Mar 30, 2023

Severity

High

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(78th percentile)

Weaknesses

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CVE ID

CVE-2015-5147

GHSA ID

GHSA-7322-9mx6-5j2m