Denial of Service Risk in Go Markdown Parser by GoMarkdown
CVE-2024-44337

5.1MEDIUM

Key Information:

Vendor: GoMarkdown
Status: Go Markdown Parser
Vendor: CVE Published:; 15 October 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-44337?

A denial of service vulnerability exists in the Go Markdown Parser, specifically in its paragraph parsing function. This vulnerability allows a remote attacker to exploit a logical flaw that results in an infinite loop when crafted input is processed. This can lead to excessive resource consumption, causing the application to become unresponsive. The issue has been addressed in submit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, which rectifies the underlying problem and mitigates the risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-44337
Created by Brinmon

References

https://github.com/gomarkdown/markdown/commit/a2a9c4f76ef...

https://github.com/Brinmon/CVE-2024-44337

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 15, 2024
👾
Exploit known to exist
Oct 15, 2024
Vulnerability published
Oct 15, 2024

CVE-2024-44337 Data

JSON