out-of-bounds read in validate_protocol

Low
anticomputer published GHSA-c944-cv5f-hpvr Jan 23, 2023

Package

cmark-gfm

Affected versions

< 0.29.0.gfm.7

Patched versions

0.29.0.gfm.7

Description

Impact

A crafted markdown document can trigger an out-of-bounds read in the validate_protocol function, at autolink.c:277 and autolink.c:282.

We believe this bug is harmless in practice, because the out-of-bounds read accesses malloc metadata without causing any visible damage.

Proof-of-concept

The out-of-bounds access can be triggered like this:

echo "to:person@example.com" | ./src/cmark-gfm -e autolink
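The sketch below is an added illustration, not cmark-gfm source. It assumes the check walks backward from the colon, comparing against a known protocol such as `mailto:`, so that `to:` at the very start of the input matches the tail of `mailto:` and the scan runs past the buffer start. The names `lowest_index_touched` and `protocol_precedes` are hypothetical.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustration only, NOT cmark-gfm source; every name here is hypothetical.
 * `end` is the index just past the ':' that closes a candidate protocol. */

/* Models an unchecked backward comparison with signed indices and returns the
 * lowest index it would touch. Nothing out of range is dereferenced: a
 * negative result marks where an unchecked loop would read before buf[0]. */
long lowest_index_touched(const char *buf, long end, const char *protocol) {
  long len = (long)strlen(protocol);
  for (long i = 1; i <= len; i++) {
    long idx = end - i;
    if (idx < 0 || buf[idx] != protocol[len - i])
      return idx; /* out of range, or a mismatch that ends the scan */
  }
  return end - len - 1; /* full match: the preceding byte is inspected next */
}

/* Bounded form: refuses to look further back than the start of the buffer. */
bool protocol_precedes(const char *buf, size_t end, const char *protocol) {
  size_t len = strlen(protocol);
  if (len > end)
    return false; /* fewer than len bytes exist before `end` */
  if (memcmp(buf + end - len, protocol, len) != 0)
    return false;
  if (len == end)
    return true; /* protocol starts at buf[0]; no preceding byte to read */
  return !isalnum((unsigned char)buf[end - len - 1]);
}

int main(void) {
  const char *poc = "to:person@example.com"; /* input from the advisory */
  printf("unchecked scan reaches index %ld\n",
         lowest_index_touched(poc, 3, "mailto:"));
  printf("bounded check accepts: %d\n", protocol_precedes(poc, 3, "mailto:"));
  return 0;
}
```
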

Patches

This vulnerability has been patched in 0.29.0.gfm.7.

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2023-22485