Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.

🗓️ 04 Sep 2025 03:31:17Reported by MicrosoftType 
mscve
 mscve🔗 msrc.microsoft.com👁 2 Views

Fixes DoS from infinite loop in gomarkdown paragraph parsing; commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252.

Related
Detection
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for CVE-2024-44337
15 Oct 202413:44
githubexploit
CBLMariner		CVE-2024-44337 affecting package cri-o for versions less than 1.22.3-11
28 Mar 202518:18
cbl_mariner
Chainguard		CVE-2024-44337 vulnerabilities
15 Oct 202420:15
cgr
Circl		CVE-2024-44337
15 Oct 202422:47
circl
CNNVD		Markdown 安全漏洞
15 Oct 202400:00
cnnvd
CVE		CVE-2024-44337
15 Oct 202400:00
cve
Cvelist		CVE-2024-44337
15 Oct 202400:00
cvelist
Debian CVE		CVE-2024-44337
15 Oct 202400:00
debiancve
Github Security Blog		Infinite loop in github.com/gomarkdown/markdown
15 Oct 202421:30
github
NVD		CVE-2024-44337
15 Oct 202420:15
nvd
Rows per page
Vulners
Node
microsoftcbl2_cri-o_1.22.3-14Range<1.22.3-11
OR
microsoftcbl2_cri-o_1.22.3-11Range<1.22.3-11

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Sep 2025 03:31Current
7High risk
Vulners AI Score7
CVSS 3.15.1
EPSS0.03663
SSVC
denial of serviceinfinite loopparagraph parsinggomarkdown librarycommit a2a9c4f76ef5a5c32108e36f7c47f8d310322252
2