Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-636F-XM5J-PJ9M
HistoryJan 24, 2023 - 6:12 p.m.

Several quadratic complexity bugs may lead to denial of service in Commonmarker

2023-01-2418:12:17
Google
osv.dev
12
commonmarker
quadratic complexity bugs
denial of service
cmark-gfm
cve-2023-22483
cve-2023-22484
cve-2023-22485
cve-2023-22486
unbounded resource exhaustion
upgrade
version 0.23.7

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

34.2%

JSON

Impact

Several quadratic complexity bugs in commonmarker’s underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service.

The following vulnerabilities were addressed:

For more information, consult the release notes for version 0.23.0.gfm.7.

Mitigation

Users are advised to upgrade to commonmarker version 0.23.7.

Related

github 1
openvas 1
mageia 1
osv 5
ubuntucve 4
debiancve 4
cvelist 4
cve 4
nvd 4
alpinelinux 1
veracode 3
prion 4
github
github
Several quadratic complexity bugs may lead to denial of service in Commonmarker
2023-01-24 18:12:17
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0181)
2023-05-22 00:00:00
mageia
mageia
Updated cmark packages fix security vulnerability
2023-05-21 11:42:44
osv
osv
Denial of Service (DoS) vulnerabilities
2023-10-06 05:00:00
CVE-2023-22486
2023-01-26 21:18:12
CVE-2023-22484
2023-01-23 23:15:10
ubuntucve
ubuntucve
CVE-2023-22485
2023-01-24 00:00:00
CVE-2023-22484
2023-01-23 00:00:00
CVE-2023-22486
2023-01-26 00:00:00
debiancve
debiancve
CVE-2023-22483
2023-01-23 23:15:10
CVE-2023-22484
2023-01-23 23:15:10
CVE-2023-22486
2023-01-26 21:18:12
cvelist
cvelist
CVE-2023-22483 cmark-gfm Quadratic complexity bugs may lead to a denial of service
2023-01-23 22:36:14
CVE-2023-22486 cmark-gfm Quadratic complexity bug in handle_close_bracket may lead to a denial of service
2023-01-24 02:30:29
CVE-2023-22484 Inefficient Quadratic complexity bug in handle_pointy_brace may lead to a denial of service
2023-01-23 22:42:57
cve
cve
CVE-2023-22486
2023-01-26 21:18:12
CVE-2023-22484
2023-01-23 23:15:10
CVE-2023-22483
2023-01-23 23:15:10
nvd
nvd
CVE-2023-22486
2023-01-26 21:18:12
CVE-2023-22484
2023-01-23 23:15:10
CVE-2023-22483
2023-01-23 23:15:10
alpinelinux
alpinelinux
CVE-2023-22486
2023-01-26 21:18:12
veracode
veracode
Denial Of Service (DoS)
2023-01-27 05:16:48
Denial Of Service (DoS)
2023-02-02 06:11:27
Denial Of Service (DoS)
2023-01-27 05:10:05
prion
prion
Denial of service
2023-01-23 23:15:00
Out-of-bounds
2023-01-24 01:15:00
Denial of service
2023-01-26 21:18:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

34.2%

JSON
Related for OSV:GHSA-636F-XM5J-PJ9M
github1openvas1mageia1osv5ubuntucve4debiancve4cvelist4cve4nvd4alpinelinux1veracode3prion4