ubuntucve | Ubuntu.com | UB:CVE-2023-22486
History: Jan 26, 2023 - 12:00 a.m.

CVE-2023-22486

Tags: github, cmark-gfm, denial of service, vulnerability, polynomial time complexity

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 34.6%

cmark-gfm is GitHub’s fork of cmark, a CommonMark parsing and rendering
library and program in C. Versions prior to 0.29.0.gfm.7 contain a
polynomial time complexity issue in handle_close_bracket that may lead to
unbounded resource exhaustion and subsequent denial of service. This
vulnerability has been patched in 0.29.0.gfm.7.
