github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations
CVE-2023-42821

7.5 HIGH

Key Information:

Vendor: Gomarkdown

CVE Published: 22 September 2023

What is CVE-2023-42821?

The Go Markdown parsing library 'github.com/gomarkdown/markdown' is susceptible to an out-of-bounds read when it parses malformed input with the parser.Mmark extension enabled. The fault is in the 'citation.go' file at line 69, where the parser attempts to access an element beyond its length. In Go an out-of-range access triggers a runtime panic, which is how this can lead to a denial of service. The issue is fixed in commit '14b16010c2ee7ff33a940a541d993bd043a88940'.

Affected Version(s)

markdown < 0.0.0-20230922105210-14b16010c2ee
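
To check a project against the affected range above, the following added example (not code from this advisory or from the gomarkdown project) reads a go.mod, finds the required version of the module, and compares its pseudo-version timestamp with the fixed one. The function name CheckGoMod and the sample go.mod line are assumptions, and the code assumes the v0.0.0-<timestamp>-<hash> version form shown on this page.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

const (
	modulePath = "github.com/gomarkdown/markdown"
	fixedStamp = "20230922105210" // timestamp of the fixed pseudo-version listed on this page
)

// Assumes the v0.0.0-<timestamp>-<12 hex> pseudo-version form shown on this page.
var pseudoRe = regexp.MustCompile(`^v0\.0\.0-(\d{14})-[0-9a-f]{12}$`)

// CheckGoMod returns the required version of the module and whether it predates the fix.
// Only require directives are read; replace and exclude directives are not evaluated.
func CheckGoMod(gomod string) (version string, affected bool, err error) {
	block := "" // name of the directive block currently open, if any
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop trailing comments
		f := strings.Fields(line)
		if len(f) == 2 && f[1] == "(" { // start of a directive block
			block = f[0]
		} else if len(f) == 1 && f[0] == ")" { // end of the block
			block = ""
		} else if len(f) == 3 && f[0] == "require" && f[1] == modulePath { // single-line form
			version = f[2]
		} else if len(f) == 2 && block == "require" && f[0] == modulePath { // block form
			version = f[1]
		}
	}
	if version == "" {
		return "", false, fmt.Errorf("%s is not required", modulePath)
	}
	m := pseudoRe.FindStringSubmatch(version)
	if m == nil {
		return version, false, fmt.Errorf("unrecognised version form %q", version)
	}
	return version, m[1] < fixedStamp, nil // fixed-width digits compare correctly as strings
}

func main() {
	// Constructed go.mod line; the timestamp and hash are placeholders.
	sample := "require github.com/gomarkdown/markdown v0.0.0-20230101000000-0123456789ab\n"
	fmt.Println(CheckGoMod(sample))
}
```

A result of affected = true means the module should be upgraded to at least the fixed version listed above.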

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
