cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing (`table.c:row_from_string`) may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns.

… alloc into a small heap chunk. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64-bit platforms; however, this does not preclude the issue triggering on 32-bit builds, on which `size_t` is a 32-bit integer. Maintainers believe exploitation for arbitrary code execution is unlikely; this vulnerability mostly impacts process availability. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.

The fix was included in the original release of Firefox 107. This vulnerability affects Firefox … *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory.

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
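The two overflow patterns described above, as an added example that is not code from cmark-gfm, yajl or yajl-ruby: a 32-bit size computation that wraps to a small allocation request (the yajl pattern on a 32-bit build), and a 16-bit column counter that wraps once a row exceeds UINT16_MAX cells (the cmark-gfm pattern), each beside a checked variant. All function names, the `uint32_t`/`uint16_t` field widths and the constructed marker row are assumptions for illustration; the models do not reproduce either project's actual parser or buffer logic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical models of the two integer-overflow patterns in the advisory
 * text. This is added example code, not yajl's or cmark-gfm's own source;
 * every name here is invented. Sizes are uint32_t to model a build on which
 * size_t is 32 bits. */

/* Unchecked growth: need = used + want wraps modulo 2^32, so appending a
 * small amount to an almost-full buffer yields a request far smaller than
 * the data already held. Filling that chunk from the original size then
 * writes past its end. */
static uint32_t naive_needed_size(uint32_t used, uint32_t want) {
    uint32_t need = used + want;      /* wraps when used + want >= 2^32 */
    return need;
}

/* Checked growth: test for overflow before the addition and refuse the
 * request instead of wrapping. Returns the new size, or -1 on overflow. */
static int64_t checked_needed_size(uint32_t used, uint32_t want) {
    if (want > UINT32_MAX - used)
        return -1;
    return (int64_t)used + want;
}

/* Builds a constructed table marker row of n_cells '|' characters. */
static char *make_marker_row(size_t n_cells) {
    char *row = malloc(n_cells + 1);
    if (row == NULL) return NULL;
    memset(row, '|', n_cells);
    row[n_cells] = '\0';
    return row;
}

/* Column count kept in a 16-bit field: a row of 65537 cells reports 1
 * column. Any allocation sized from this value and then filled from the
 * real row is under-allocated. */
static uint16_t count_cells_u16(const char *row) {
    uint16_t n = 0;
    for (; *row != '\0'; ++row)
        if (*row == '|') n++;
    return n;
}

/* Hardened variant: count in size_t and reject rows that do not fit the
 * 16-bit field the parser stores, rather than letting the count wrap. */
static bool count_cells_checked(const char *row, uint16_t *out) {
    size_t n = 0;
    for (; *row != '\0'; ++row)
        if (*row == '|') n++;
    if (n > UINT16_MAX) return false;
    *out = (uint16_t)n;
    return true;
}

/* Helpers returning plain values for a constructed row of n_cells cells;
 * -1 on allocation failure. */
static int32_t wrapped_count_for(size_t n_cells) {
    char *row = make_marker_row(n_cells);
    if (row == NULL) return -1;
    int32_t n = count_cells_u16(row);
    free(row);
    return n;
}

static int checked_count_for(size_t n_cells) {   /* 1 accepted, 0 rejected */
    char *row = make_marker_row(n_cells);
    if (row == NULL) return -1;
    uint16_t n = 0;
    int ok = count_cells_checked(row, &n) ? 1 : 0;
    free(row);
    return ok;
}

int main(void) {
    uint32_t used = 0xFFFFFFF0u, want = 0x20u;   /* nearly 4 GiB held, 32 more wanted */
    printf("naive   : used=%#x want=%#x -> need=%#x (wrapped)\n",
           used, want, naive_needed_size(used, want));
    printf("checked : -> %lld (negative means rejected)\n",
           (long long)checked_needed_size(used, want));
    printf("65537-cell row: u16 count=%d, checked accepts=%d\n",
           wrapped_count_for(65537), checked_count_for(65537));
    printf("3-cell row    : u16 count=%d, checked accepts=%d\n",
           wrapped_count_for(3), checked_count_for(3));
    return 0;
}
```

Two points carry over to real code: the overflow check has to run before the addition, on the same integer type the allocator will receive, and the quantity used to size the allocation must be the same checked quantity later used to fill it. Widening the sizes to a 64-bit `size_t`, as the 2.x branch of yajl does, moves the wrap out of reach for inputs of a few gigabytes but, as the advisory notes, leaves 32-bit builds exposed.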