cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-01-24T00:26:57.671Z

Updated: 2024-08-02T10:13:48.514Z

Reserved: 2022-12-29T17:41:28.088Z

Link: CVE-2023-22485

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-01-24T01:15:10.593

Modified: 2024-11-21T07:44:54.113

Link: CVE-2023-22485

cve-icon Redhat

No data.