Inefficient Quadratic complexity bug in handle_pointy_brace may lead to a denial of service
CVE-2023-22484

7.5HIGH

Key Information:

Vendor: github
Status: cmark-gfm
Vendor: CVE Published:; 23 January 2023

Summary

The cmark-gfm library, a GitHub fork of the CommonMark parsing and rendering library, is affected by a polynomial time complexity issue that can cause unbounded resource exhaustion. This vulnerability allows attackers to exploit the library, leading to potential denial of service by overwhelming system resources. The flaw has been addressed in version 0.29.0.gfm.7, urging all users to update to mitigate these risks.

Affected Version(s)

cmark-gfm < 0.29.0.gfm.7

References

https://github.com/github/cmark-gfm/security/advisories/G...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 23, 2023
Vulnerability Reserved
Dec 29, 2022