Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Infinite loop in github.com/gomarkdown/markdown

🗓️ 15 Oct 2024 21:30:39Reported by GitHub Advisory DatabaseType 
github
 github🔗 github.com👁 14 Views

Infinite loop in github.com/gomarkdown/markdown prior to version v0.0.0-20240729232818-a2a9c4f caused denial of service (DoS) by remote attacker

Related
Detection
Refs
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for CVE-2024-44337
15 Oct 202413:44
githubexploit
CBLMariner		CVE-2024-44337 affecting package cri-o for versions less than 1.22.3-11
28 Mar 202518:18
cbl_mariner
Chainguard		CVE-2024-44337 vulnerabilities
15 Oct 202420:15
cgr
Circl		CVE-2024-44337
15 Oct 202422:47
circl
CNNVD		Markdown 安全漏洞
15 Oct 202400:00
cnnvd
CVE		CVE-2024-44337
15 Oct 202400:00
cve
Cvelist		CVE-2024-44337
15 Oct 202400:00
cvelist
Debian CVE		CVE-2024-44337
15 Oct 202400:00
debiancve
Microsoft CVE		The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.
4 Sep 202503:31
mscve
NVD		CVE-2024-44337
15 Oct 202420:15
nvd
Rows per page
Vulners
Node
gomarkdownmarkdownRange<0.0.0-20240729212818-a2a9c4f76ef5go

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Dec 2024 17:59Current
6.7Medium risk
Vulners AI Score6.7
CVSS 3.15.1
EPSS0.03663
SSVC
CWE-835
githubgomarkdownmarkdownparsinghtmllogical problemdenial of serviceremote attackerfixvulnerability
14