GHSA-fmx4-26r3-wxpf: 
Ruby vulnerability analysis and mitigation

CommonMarker versions prior to 0.23.4 contain an integer overflow vulnerability in the cmark-gfm table parsing extension (CVE-2024-22051). The vulnerability was discovered in March 2022 and affects the table parsing functionality when processing tables with marker rows containing more than UINT16_MAX columns (GitHub Advisory).

The vulnerability stems from an integer overflow condition in cmark-gfm's table row parsing functionality. The issue occurs specifically in the table.c:row_from_string component when parsing tables whose marker rows exceed UINT16_MAX columns. This vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can result in heap memory corruption when exploited, with potential impacts ranging from information leaks to remote code execution (RCE). This is particularly critical when CommonMarker is used for rendering remote user-controlled markdown content (GitHub Advisory).

The vulnerability has been patched in CommonMarker version 0.23.4. For users unable to update immediately, a workaround is available by disabling the table markdown extension, which will prevent the vulnerability from being triggered (GitHub Advisory).