Lucene search

K
mageiaGentoo FoundationMGASA-2023-0181
HistoryMay 21, 2023 - 11:42 a.m.

Updated cmark packages fix security vulnerability

2023-05-2111:42:44
Gentoo Foundation
advisories.mageia.org
16
cmark
security vulnerability
quadratic complexity
denial of service
cve
unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.6%

cmark incorrectly handled certain inputs. Fixes quadratic complexity in handle_close_bracket “![” which may lead to a denial of service (CVE-2023-22486). Noting that this also fixes a quadratic parsing issue with repeated comment tags that was not in a released product but which was assigned a CVE (CVE-2023-22484).

OSVersionArchitecturePackageVersionFilename
Mageia8noarchcmark< 0.30.3-1cmark-0.30.3-1.mga8

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.6%