We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-37463

Quadratic complexity bugs may lead to a denial of service



AssignerGitHub_M
Reserved2023-07-06
Published2023-07-13
Updated2024-10-30

Description

cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12.



MEDIUM: 6.4CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

Product status

< 0.29.0.gfm.12
affected

References

https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5

https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.12

cve.org CVE-2023-37463

nvd.nist.gov CVE-2023-37463

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-37463
Subscribe to our newsletter to learn more about our work.