How to fix CVE-2024-22051?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Vendor patch is available.

Is Integer Overflow affected by CVE-2024-22051?

CVE-2024-22051 presents critical security risk, a integer overflow vulnerability rated CVSS 9.8. Exploitation could allow attackers to corrupt memory, crash the application, or potentially execute arbitrary code. A patch is available and should be applied immediately given the critical severity.

CVE-2024-22051

CRITICAL

2024-01-04 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:33 vuln.today

Patch Released

Mar 28, 2026 - 19:33 nvd

Patch available

CVE Published

Jan 04, 2024 - 21:15 nvd

CRITICAL 9.8

Description

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

Analysis

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical Context

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns. Affected products include: Github Cmark-Gfm, Gjtorikian Commonmarker. Version information: prior to 0.23.4.

Affected Products

Github Cmark-Gfm, Gjtorikian Commonmarker.

Remediation

A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +7.1

CVSS: +49

POC: 0

CVE-2024-22051 vulnerability details – vuln.today

Back

CVE-2024-22051

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2024-22051

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code