CVE-2022-41220
Published: 21 September 2022
Summary
CVE-2022-41220 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Md2Roff Project Md2Roff. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 5.9% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
md2roff version 1.9 contains a stack-based buffer overflow vulnerability, tracked as CVE-2022-41220 and assigned CWE-787, that is triggered when the tool processes a crafted Markdown file. This issue is distinct from the earlier CVE-2022-34913 and affects the same utility; the vendor has stated that the product is not intended to handle untrusted input.
The CVSS 3.1 base score of 9.8 is derived from the NVD scoring convention for this class of bug: network attack vector, low complexity, no privileges and no user interaction, with full impact on confidentiality, integrity, and availability because the out-of-bounds write can corrupt the stack frame and lead to arbitrary code execution. In practice md2roff is a local command-line converter, so the realistic exposure is any workflow that runs it over Markdown an attacker can influence, for example a documentation or packaging build step that converts contributed or downloaded Markdown into man pages; the file itself is the attack vector, not a listening service.
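The following is an added illustration of the bug class, not md2roff's own code: the page does not identify which md2roff routine overflows, so this is a hypothetical Markdown-to-roff heading converter with a fixed-size stack buffer, shown in the vulnerable style beside a hardened version, plus a pre-check that counts heading lines which would overflow the vulnerable version. All names (`HEADING_CAP`, `emit_heading_vulnerable`, `emit_heading_safe`, `count_overlong_headings`) and the sample document are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define HEADING_CAP 64   /* hypothetical on-stack capacity for one heading */

/* Vulnerable pattern (CWE-787): strcpy() into a fixed-size stack buffer with
 * no length check.  Heading text of HEADING_CAP bytes or more overruns
 * `heading` and corrupts the frame (locals, saved registers, return address).
 * Only called below with input that fits; never run it on untrusted Markdown. */
static void emit_heading_vulnerable(const char *line, char *out, size_t out_len)
{
    char heading[HEADING_CAP];
    const char *text = line + strspn(line, "# ");   /* skip '#' markers and spaces */
    strcpy(heading, text);                          /* unbounded copy: the bug */
    heading[strcspn(heading, "\r\n")] = '\0';       /* drop the line terminator */
    snprintf(out, out_len, ".SH \"%s\"\n", heading);
}

/* Hardened variant: measure the heading first, refuse anything that does not
 * fit, then copy with an explicit bound.  Returns 0 on success, -1 if the
 * heading text would not fit in the buffer. */
static int emit_heading_safe(const char *line, char *out, size_t out_len)
{
    char heading[HEADING_CAP];
    const char *text = line + strspn(line, "# ");
    size_t n = strcspn(text, "\r\n");               /* heading ends at end of line */
    if (n >= sizeof heading)
        return -1;                                  /* would overflow: reject */
    memcpy(heading, text, n);
    heading[n] = '\0';
    snprintf(out, out_len, ".SH \"%s\"\n", heading);
    return 0;
}

/* Converts one heading line into a static buffer; NULL if rejected. */
static const char *heading_to_roff(const char *line)
{
    static char out[HEADING_CAP + 16];
    return emit_heading_safe(line, out, sizeof out) == 0 ? out : NULL;
}

/* Input screen: counts heading lines whose text is HEADING_CAP bytes or
 * longer, i.e. lines that would overflow the vulnerable converter.  Run it
 * over Markdown before handing it to a converter written in that style. */
static int count_overlong_headings(const char *markdown)
{
    int bad = 0;
    for (const char *p = markdown; *p; ) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (len > 0 && p[0] == '#' && len - strspn(p, "# ") >= HEADING_CAP)
            bad++;
        if (!eol)
            break;
        p = eol + 1;
    }
    return bad;
}

#define A10 "AAAAAAAAAA"
/* Constructed sample input (not a real md2roff test case): a normal heading
 * and one whose text is 80 bytes, past HEADING_CAP. */
static const char SAMPLE_DOC[] =
    "# NAME\n"
    "demo - converter with a fixed-size heading buffer\n"
    "## " A10 A10 A10 A10 A10 A10 A10 A10 "\n";
static const char LONG_HEADING[] = "## " A10 A10 A10 A10 A10 A10 A10 A10 "\n";

int main(void)
{
    char out[HEADING_CAP + 16];
    emit_heading_vulnerable("# NAME\n", out, sizeof out);   /* fits: same output as safe path */
    fputs(out, stdout);
    printf("safe conversion: %s", heading_to_roff("# NAME\n"));
    printf("long heading rejected: %s\n", heading_to_roff(LONG_HEADING) ? "no" : "yes");
    printf("overlong headings in sample: %d\n", count_overlong_headings(SAMPLE_DOC));
    return 0;
}
```

The hardened path does the length check before any write, which is the fix pattern for this weakness regardless of where the real overflow sits in md2roff; the pre-check is the kind of guard you would put in front of an unpatched converter in a build pipeline, since the vendor's position is that the tool is not meant for untrusted input.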
The referenced GitHub issue provides the initial disclosure details but contains no vendor-supplied patch or configuration workaround. The associated EPSS score has remained flat at 0.1263 since publication, indicating no material increase in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-44461
Vulnerability details
md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913. NOTE: the vendor's position is that the product is not intended for untrusted input
- CWE(s): CWE-787 (Out-of-bounds Write)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
md2roff 1.9 (Md2Roff Project)
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are blocked or made unreliable by standard memory protections: a non-executable stack (NX/DEP) stops injected code from running, stack canaries detect the overwritten frame before the function returns, and ASLR with a PIE build makes return-address targets unpredictable. These controls reduce a crash-to-code-execution path but do not remove the overflow itself; the only complete fix is a bounds check in the converter.