CVE-2023-24824
Summary

| CVE | CVE-2023-24824 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-31 23:15:00 UTC |
| Updated | 2023-04-11 06:25:00 UTC |
| Description | cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources. |

Risk And Classification
Problem Types: CWE-407 | CWE-400
NVD Known Affected Configurations (CPE 2.3)
References

| Reference | Source | Link | Tags |
|---|---|---|---|
| Quadratic complexity bugs may lead to a denial of service · Advisory · github/cmark-gfm · GitHub | MISC | github.com | |
| Merge pull request from GHSA-66g8-4hjf-77xh · github/cmark-gfm@2300c1b · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |

No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.