Cmark-gfm@* Security Vulnerabilities and Issues — Cmark-gfm@* CVE List

GithubCmark-gfm*

10 matches found

CVE•added 2022/03/03 7:35 p.m.•141 views

CVE-2022-24724

CVE-2022-24724 affects cmark-gfm, GitHub’s extended CommonMark reference implementation. A heap memory overflow in table.c:row_from_string can occur when parsing table rows with more than UINT16_MAX columns, leading to information disclosure or arbitrary code execution depending on usage. Affecte...

9.8CVSS9.7AI score0.04189EPSS

CVE•added 2023/01/24 2:30 a.m.•109 views

CVE-2023-22486

The CVE-2023-22486 issue affects cmark-gfm (GitHub’s fork of cmark). Versions prior to 0.29.0.gfm.7 contain a polynomial-time complexity bug in handle_close_bracket that can lead to unbounded resource exhaustion and denial of service. The vulnerability is explicitly noted as patched in 0.29.0.gfm...

7.5CVSS5.3AI score0.00175EPSS

CVE•added 2023/03/31 10:1 p.m.•107 views

CVE-2023-26485

CVE-2023-26485 affects cmark-gfm (GitHub’s fork of cmark) and causes a polynomial-time denial-of-service when parsing inputs with very large sequences of underscores, due to a quadratic complexity in parsing. The issue has been addressed in version 0.29.0.gfm.10 ; upgrading to this version (or ap...

7.5CVSS6.6AI score0.00222EPSS

CVE•added 2022/09/15 12:0 a.m.•88 views

CVE-2022-39209

CVE-2022-39209 concerns cmark-gfm, GitHub’s fork of cmark (C). A polynomial-time complexity issue in the autolink extension during input parsing can cause unbounded resource exhaustion, leading to denial of service. Affected versions are prior to 0.29.0.gfm.6; patched in 0.29.0.gfm.6. Upgrading t...

7.5CVSS6.7AI score0.01405EPSS

CVE•added 2024/01/04 8:27 p.m.•79 views

CVE-2024-22051

CommonMarker (cmark-gfm) before version 0.23.4 is vulnerable to an integer overflow in table row parsing that can cause heap memory corruption, potentially enabling unauthenticated remote attackers to leak information or execute code when parsing tables with more than UINT16_MAX columns. Affected...

9.8CVSS8.7AI score0.12055EPSS

CVE•added 2023/01/23 10:42 p.m.•69 views

CVE-2023-22484

The CVE-2023-22484 issue affects cmark-gfm, GitHub’s fork of the C library cmark. It describes a polynomial-time complexity vulnerability in cmark-gfm that can lead to unbounded resource exhaustion and denial of service on affected versions. According to linked documents, versions prior to 0.29.0...

7.5CVSS5.3AI score0.0018EPSS

CVE•added 2023/07/13 7:22 p.m.•69 views

CVE-2023-37463

CVE-2023-37463 affects cmark-gfm (GitHub’s CommonMark extension); three polynomial-time complexity issues may cause unbounded resource exhaustion and DoS. These were patched in version 0.29.0.gfm.12. Upgrade to 0.29.0.gfm.12 or newer to remediate.

7.5CVSS7.1AI score0.00352EPSS

CVE•added 2023/01/23 10:36 p.m.•68 views

CVE-2023-22483

CVE-2023-22483 affects cmark-gfm, GitHub’s fork of the CommonMark C library. The issue is a set of polynomial-time complexity vulnerabilities in cmark-gfm that can cause unbounded resource exhaustion and denial of service when parsing large inputs, affecting versions prior to 0.29.0.gfm.7. Severa...

7.5CVSS6AI score0.0015EPSS

CVE•added 2023/01/24 12:26 a.m.•63 views

CVE-2023-22485

CVE-2023-22485 affects cmark-gfm (GitHub’s fork of cmark, C) at versions prior to 0.29.0.gfm.7. The vulnerability is an out-of-bounds read in the validate_protocol function caused by parsing crafted Markdown; impact is described as benign in practice, reading malloc metadata without visible damag...

5.3CVSS5.4AI score0.00175EPSS

CVE•added 2023/03/31 10:1 p.m.•58 views

CVE-2023-24824

CVE-2023-24824 affects cmark-gfm (GitHub’s fork of cmark) in C, where quadratic/polynomial parsing complexity can exhaust resources and cause DoS when processing inputs that begin with many ‘>’ or ‘-’. The issue is mitigated by upgrading to upstream 0.29.0.gfm.10; downstream ecosystems (e.g., ...

7.5CVSS6.2AI score0.00254EPSS