6 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-22485
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document ca...
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Impact Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: CVE-2023-22483 CVE-2023-22484 CVE-2023-22485 CVE-2023-22486 For more information, consu...
GHSA-636F-XM5J-PJ9M Several quadratic complexity bugs may lead to denial of service in Commonmarker
Impact Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: CVE-2023-22483 CVE-2023-22484 CVE-2023-22485 CVE-2023-22486 For more information, consu...
CVE-2023-22485
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the validateprotocol function. We believe this bug is harmless in practice, because the out-of-bounds...
CVE-2023-22485
CVE-2023-22485 affects cmark-gfm (GitHub’s fork of cmark, C) at versions prior to 0.29.0.gfm.7. The vulnerability is an out-of-bounds read in the validate_protocol function caused by parsing crafted Markdown; impact is described as benign in practice, reading malloc metadata without visible damag...
CVE-2023-22485 cmark-gfm out-of-bounds read in validate_protocol
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the validateprotocol function. We believe this bug is harmless in practice, because the out-of-bounds...