CVE-2015-5147 (redcarpet): redcarpet Gem for Ruby html.c header_anchor() Function Stack Overflow

June 22nd, 2015

ADVISORIES

CVE-2015-5147 (NVD)
GHSA-7322-9mx6-5j2m
OSVDB-123859
Vendor Advisory

GEM

redcarpet

SEVERITY

CVSS v2.0: 7.5 (High)

UNAFFECTED VERSIONS

< 3.3.0

PATCHED VERSIONS

>= 3.3.2

DESCRIPTION

redcarpet Gem for Ruby contains a flaw that allows a stack overflow. This flaw exists because the header_anchor() function in html.c uses variable length arrays (VLA) without any range checking. This may allow a remote attacker to execute arbitrary code.

RubySec