Inefficient Quadratic complexity bug in handle_pointy_brace may lead to a denial of service
CVE-2023-22484

3.5LOW

Key Information:

Vendor: Github
Status: Cmark-gfm
Vendor: CVE Published:; 23 January 2023

What is CVE-2023-22484?

The cmark-gfm library, a GitHub fork of the CommonMark parsing and rendering library, is affected by a polynomial time complexity issue that can cause unbounded resource exhaustion. This vulnerability allows attackers to exploit the library, leading to potential denial of service by overwhelming system resources. The flaw has been addressed in version 0.29.0.gfm.7, urging all users to update to mitigate these risks.

Affected Version(s)

cmark-gfm < 0.29.0.gfm.7

References

https://github.com/github/cmark-gfm/security/advisories/G...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2023
Vulnerability Reserved
Dec 29, 2022

Github

What is CVE-2023-22484?

Affected Version(s)

References

CVSS V3.1

Timeline