Description
Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
References (4)
Core 4
Core References
Various Sources x_refsource_confirm
https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/06/29/3
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/06/30/10
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75508
Scores
EPSS
0.0115
EPSS Percentile
78.6%
Details
CWE
CWE-119
Status
published
Products (2)
redcarpet_project/redcarpet
< 3.3.1
rubygems/redcarpet
3.3.0 - 3.3.2RubyGems
Published
Jul 14, 2015
Tracked Since
Feb 18, 2026