Sha256: ecac4849f118f04b68559c7a3aacbb9a8732e00f765fb52d1c585c52eebca0bd

Contents?: true

Size: 546 Bytes

Versions: 6

Compression:

Stored size: 546 Bytes

Contents

---
gem: redcarpet
cve: 2015-5147
osvdb: 123859
url: http://seclists.org/oss-sec/2015/q2/818
title: redcarpet Gem for Ruby html.c header_anchor() Function Stack Overflow
date: 2015-06-22
description: |
  redcarpet Gem for Ruby contains a flaw that allows a stack overflow.
  This flaw exists because the header_anchor() function in html.c uses
  variable length arrays (VLA) without any range checking. This may
  allow a remote attacker to execute arbitrary code.
cvss_v2: 7.5
unaffected_versions:
  - "< 3.3.0"
patched_versions:
  - ">= 3.3.2"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/redcarpet/CVE-2015-5147.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/redcarpet/CVE-2015-5147.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/redcarpet/CVE-2015-5147.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/redcarpet/CVE-2015-5147.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/redcarpet/CVE-2015-5147.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/redcarpet/CVE-2015-5147.yml