RubySec

Providing security resources for the Ruby community

CVE-2015-5147 (redcarpet): redcarpet Gem for Ruby html.c header_anchor() Function Stack Overflow

ADVISORIES

GEM

redcarpet

SEVERITY

CVSS v2: 7.5

UNAFFECTED VERSIONS

  • < 3.3.0

PATCHED VERSIONS

  • >= 3.3.2

DESCRIPTION

redcarpet Gem for Ruby contains a flaw that allows a stack overflow. This flaw exists because the header_anchor() function in html.c uses variable length arrays (VLA) without any range checking. This may allow a remote attacker to execute arbitrary code.