Bug 936767 (CVE-2015-5147) - VUL-1: CVE-2015-5147: rubygem-redcarpet: Stack overflow in redcarpet's header_anchor
Summary: VUL-1: CVE-2015-5147: rubygem-redcarpet: Stack overflow in redcarpet's header...
Status: RESOLVED FIXED
Alias: CVE-2015-5147
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Normal
Target Milestone: ---
Assignee: Cloud Bugs
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/118151/
Whiteboard: CVSSv2:NVD:CVE-2015-5147:7.5:(AV:N/AC...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-07-01 13:00 UTC by Andreas Stieger
Modified: 2017-08-10 12:33 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2015-07-01 13:00:04 UTC 
via oss-sec:

https://github.com/vmg/redcarpet/commit/2cee777c1e5babe8a1e2683d31ea75cc4afe55fb

https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md#version-332

> Version 3.3.2
> Fix a potential security issue in the HTML renderer (Thanks to Giancarlo Canales for the heads up)

header_anchor uses variable length arrays (VLA) without any range checking.
This is conducive to a stack overflow, followed by the potential for arbitrary code execution.

Use CVE-2015-5147.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5147
http://seclists.org/oss-sec/2015/q2/829
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5147.html
Comment 2 Swamp Workflow Management 2015-07-01 22:00:37 UTC 
bugbot adjusting priority
Comment 3 Johannes Segitz 2017-08-10 12:33:21 UTC 
fixed