Giancarlo Canales Barreto

3 exploits Active since Jun 2015
CVE-2015-4590 WRITEUP WRITEUP
ArduinoJson < 4.4 - Denial of Service via Malformed JSON String
The extractFrom function in Internals/QuotedString.cpp in Arduino JSON before 4.5 allows remote attackers to cause a denial of service (crash) via a JSON string with a \ (backslash) followed by a terminator, as demonstrated by "\\\0", which triggers a buffer overflow and over-read.
CVE-2015-5147 WRITEUP WRITEUP
Redcarpet < 3.3.2 - Stack-Based Buffer Overflow in HTML Renderer
Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVE-2020-26298 WRITEUP MEDIUM WRITEUP
Redcarpet < 3.5.1 - Cross-Site Scripting via Quote Processing
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.
CVSS 6.8