redcarpet Gem for Ruby html.c header_anchor() Function Stack Overflow
Published: June 22, 2015
SECURITY IDENTIFIERS
- CVE: CVE-2015-5147 (NVD)
- GHSA: GHSA-7322-9mx6-5j2m
- OSVDB: OSVDB-123859
- Vendor Advisory: http://seclists.org/oss-sec/2015/q2/818
GEM
SEVERITY
CVSS v2.0: 7.5 (High)
UNAFFECTED VERSIONS
< 3.3.0
PATCHED VERSIONS
>= 3.3.2
DESCRIPTION
redcarpet Gem for Ruby contains a flaw that allows a stack overflow. This flaw exists because the header_anchor() function in html.c uses variable length arrays (VLA) without any range checking. This may allow a remote attacker to execute arbitrary code.