Vulnerability Database

319,592

Total vulnerabilities in the database

CVE-2015-5147

Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Published: Jul 14, 2015
Updated: Nov 9, 2025
CVE: CVE-2015-5147
GHSA: GHSA-7322-9mx6-5j2m
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
redcarpet_project / redcarpet	-	3.3.1.x
redcarpet	3.3.0	3.3.2

http://www.openwall.com/lists/oss-security/2015/06/29/3
http://www.openwall.com/lists/oss-security/2015/06/30/10
http://www.securityfocus.com/bid/75508
https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md
https://github.com/vmg/redcarpet/commit/2cee777c1e5babe8a1e2683d31ea75cc4afe55fb
https://web.archive.org/web/20150711061256/http://www.securityfocus.com/bid/75508

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo