Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2023-22486
HistoryJan 26, 2023 - 9:18 p.m.

CVE-2023-22486

2023-01-2621:18:12
Debian Security Bug Tracker
security-tracker.debian.org
12
cmark-gfm unbounded resource exhaustion denial of service unix polynomial time complexity issue patched cve-2023-22486 comma 0.29.0.gfm.7 github fork cmark commonmark parsing rendering library c

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.6%

cmark-gfm is GitHub’s fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.6%