7 matches found
CVE-2023-22486
The CVE-2023-22486 issue affects cmark-gfm (GitHub’s fork of cmark). Versions prior to 0.29.0.gfm.7 contain a polynomial-time complexity bug in handle_close_bracket that can lead to unbounded resource exhaustion and denial of service. The vulnerability is explicitly noted as patched in 0.29.0.gfm...
CVE-2023-26485
CVE-2023-26485 affects cmark-gfm (GitHub’s fork of cmark) and causes a polynomial-time denial-of-service when parsing inputs with very large sequences of underscores, due to a quadratic complexity in parsing. The issue has been addressed in version 0.29.0.gfm.10 ; upgrading to this version (or ap...
CVE-2023-37463
CVE-2023-37463 affects cmark-gfm (GitHub’s CommonMark extension); three polynomial-time complexity issues may cause unbounded resource exhaustion and DoS. These were patched in version 0.29.0.gfm.12. Upgrade to 0.29.0.gfm.12 or newer to remediate.
CVE-2022-39209
CVE-2022-39209 concerns cmark-gfm, GitHub’s fork of cmark (C). A polynomial-time complexity issue in the autolink extension during input parsing can cause unbounded resource exhaustion, leading to denial of service. Affected versions are prior to 0.29.0.gfm.6; patched in 0.29.0.gfm.6. Upgrading t...
CVE-2023-22484
The CVE-2023-22484 issue affects cmark-gfm, GitHub’s fork of the C library cmark. It describes a polynomial-time complexity vulnerability in cmark-gfm that can lead to unbounded resource exhaustion and denial of service on affected versions. According to linked documents, versions prior to 0.29.0...
CVE-2023-22483
CVE-2023-22483 affects cmark-gfm, GitHub’s fork of the CommonMark C library. The issue is a set of polynomial-time complexity vulnerabilities in cmark-gfm that can cause unbounded resource exhaustion and denial of service when parsing large inputs, affecting versions prior to 0.29.0.gfm.7. Severa...
CVE-2023-24824
CVE-2023-24824 affects cmark-gfm (GitHub’s fork of cmark) in C, where quadratic/polynomial parsing complexity can exhaust resources and cause DoS when processing inputs that begin with many ‘>’ or ‘-’. The issue is mitigated by upgrading to upstream 0.29.0.gfm.10; downstream ecosystems (e.g., ...