CVE-2023-37463: Quadratic complexity bugs may lead to a denial of service

Source: CVELIST (CNA: GitHub_M), www.cve.org
Published: 2023-07-13 19:22:16
Weakness: CWE-400 (Uncontrolled Resource Consumption)
Tags: cmark-gfm, security update, denial of service vulnerabilities, 0.29.0.gfm.12, resource exhaustion, commonmark

CVSS 3.1 base score: 6.4 Medium
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
  Attack Vector: Network
  Attack Complexity: High
  Privileges Required: Low
  User Interaction: None
  Scope: Unchanged
  Confidentiality Impact: Low
  Integrity Impact: Low
  Availability Impact: High

AI Score: 7.9 High (confidence: High)
EPSS: 0.001 Low (percentile: 21.0%)

cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial-time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service: input sizes that a linear parser handles trivially can consume CPU time that grows quadratically with the length of attacker-controlled Markdown. These vulnerabilities have been patched in 0.29.0.gfm.12; every earlier release is affected.
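Algorithmic-complexity bugs of this kind are easy to miss in functional tests because small inputs pass quickly. The following is an added example, not code from cmark-gfm or from the advisory: two toy emphasis-delimiter matchers (one quadratic, one linear; the opener/closer rules are a simplification and not the CommonMark delimiter algorithm) and a scaling check that estimates the growth exponent of parse cost from two input sizes. The hostile input (`"_a"` repeated, openers that never close) is constructed for the example. For a real target such as the `cmark-gfm` binary or library, wrap the parser call with `timed_cost` and use larger sizes so wall-clock noise averages out.

```python
"""Scaling check for algorithmic-complexity denial of service.

Added example (not cmark-gfm code): the delimiter matchers below are toy
stand-ins for a Markdown inline parser, written to show how a quadratic
matching strategy and a linear one diverge on hostile input, and how a
scaling test catches the difference before an attacker does.
"""
import math
import time
from typing import Callable, Tuple


def _is_opener(text: str, i: int) -> bool:
    """Toy rule (assumption, not the CommonMark spec): '_' followed by a
    non-space character opens emphasis."""
    return text[i] == "_" and i + 1 < len(text) and text[i + 1] != " "


def _is_closer(text: str, j: int) -> bool:
    """Toy rule: '_' followed by a space or end of text closes emphasis."""
    return text[j] == "_" and (j + 1 == len(text) or text[j + 1] == " ")


def naive_pairs(text: str) -> Tuple[int, int]:
    """Quadratic matcher: every opener rescans the rest of the input for a
    closer. Returns (pairs matched, elementary steps taken)."""
    pairs = steps = 0
    i, n = 0, len(text)
    while i < n:
        if _is_opener(text, i):
            j = i + 1
            while j < n:
                steps += 1
                if _is_closer(text, j):
                    pairs += 1
                    i = j          # resume after the closer
                    break
                j += 1
        steps += 1
        i += 1
    return pairs, steps


def stack_pairs(text: str) -> Tuple[int, int]:
    """Linear matcher: one pass, openers pushed on a stack, closers pop."""
    pairs = steps = 0
    stack = []
    for j in range(len(text)):
        steps += 1
        if text[j] != "_":
            continue
        if _is_closer(text, j) and stack:
            stack.pop()
            pairs += 1
        elif _is_opener(text, j):
            stack.append(j)
    return pairs, steps


def unclosed_openers(n: int) -> str:
    """Constructed hostile input: n openers that never close."""
    return "_a" * n


def estimate_exponent(cost: Callable[[str], float],
                      make_input: Callable[[int], str],
                      n_small: int = 256, n_large: int = 1024) -> float:
    """Fit cost ~ n^k from two sizes; k near 1 is linear, near 2 quadratic."""
    c_small = cost(make_input(n_small))
    c_large = cost(make_input(n_large))
    return math.log(c_large / c_small) / math.log(n_large / n_small)


def timed_cost(parse: Callable[[str], object]) -> Callable[[str], float]:
    """Wrap a real parser so estimate_exponent can use wall-clock seconds.
    Use this for a real target (e.g. a call into the cmark-gfm library or
    binary); step counts are only available in the toy matchers above."""
    def cost(text: str) -> float:
        start = time.perf_counter()
        parse(text)
        return max(time.perf_counter() - start, 1e-9)  # avoid log(0)
    return cost


def is_superlinear(exponent: float, tolerance: float = 0.2) -> bool:
    """Flag anything growing noticeably faster than linear."""
    return exponent > 1.0 + tolerance


if __name__ == "__main__":
    for name, fn in (("naive", naive_pairs), ("stack", stack_pairs)):
        k = estimate_exponent(lambda t, f=fn: f(t)[1], unclosed_openers)
        print(f"{name}: cost ~ n^{k:.2f}, superlinear={is_superlinear(k)}")
```

Both matchers agree on well-formed input, which is why a correctness suite alone would not distinguish them; only the scaling check exposes the quadratic one (exponent close to 2 versus 1). A size cap on submitted Markdown reduces the blast radius but does not remove a quadratic hot spot, so a check like this belongs in CI for any parser that handles untrusted input.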

CNA Affected

[
  {
    "vendor": "github",
    "product": "cmark-gfm",
    "versions": [
      {
        "version": "< 0.29.0.gfm.12",
        "status": "affected"
      }
    ]
  }
]
