PT-2023-18534 · Github+3 · Cmark-Gfm+3
Kevinbackhouse +1
Published 2023-01-23 · Updated 2025-03-03 · CVE-2023-22483
CVSS v3.1: 3.5 (Low)
| Vector | AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
cmark-gfm versions prior to 0.29.0.gfm.7
Description
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. The issue is related to several polynomial time complexity problems that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically.
Recommendations
For versions prior to 0.29.0.gfm.7, upgrade to version 0.29.0.gfm.7 or later to patch the vulnerabilities. If upgrading is not possible, validate input from trusted sources to minimize the risk of exploitation. As a temporary workaround, consider restricting the input size to prevent large values from being piped to cmark-gfm.
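The size-restriction workaround above can be enforced in the process that invokes cmark-gfm rather than left to the caller. The following wrapper is an added example, not code from this advisory or from the cmark-gfm project: it rejects documents over a byte limit before the renderer is spawned and, as a second bound that the advisory does not mention, kills the renderer if it exceeds a wall-clock timeout, so a quadratic-time input cannot hold a worker indefinitely. The limit values, the exception class names, the `render_outcome` helper and the two stand-in renderers are assumptions made for this example; the only thing taken from cmark-gfm is that it reads Markdown on stdin and writes HTML to stdout when given no file argument.

```python
"""Size- and time-bounded wrapper around the cmark-gfm command (added example)."""
import subprocess
import sys

# Assumed placeholder limits; tune them to the documents a service really accepts.
MAX_INPUT_BYTES = 64 * 1024
RENDER_TIMEOUT_SECONDS = 5.0

# cmark-gfm reads Markdown from stdin and writes HTML to stdout when no file is given.
CMARK_GFM = ["cmark-gfm"]

# Stand-in renderers, constructed so the wrapper can be exercised offline:
# one echoes its input back unchanged, the other never finishes.
ECHO_RENDERER = [sys.executable, "-c",
                 "import sys; sys.stdout.buffer.write(sys.stdin.buffer.read())"]
SLOW_RENDERER = [sys.executable, "-c", "import time; time.sleep(30)"]


class InputTooLarge(ValueError):
    """Raised before the renderer is started when the document exceeds the limit."""


class RenderTimeout(RuntimeError):
    """Raised when the renderer is killed for exceeding the wall-clock limit."""


def check_input_size(markdown, max_bytes=MAX_INPUT_BYTES):
    """Return the document as bytes, or raise InputTooLarge if it exceeds max_bytes.

    The check is on encoded bytes, not characters, so multi-byte text cannot
    slip past a limit expressed in bytes.
    """
    data = markdown.encode("utf-8") if isinstance(markdown, str) else bytes(markdown)
    if len(data) > max_bytes:
        raise InputTooLarge(f"input is {len(data)} bytes, limit is {max_bytes}")
    return data


def render_markdown(markdown, renderer=CMARK_GFM,
                    max_bytes=MAX_INPUT_BYTES, timeout=RENDER_TIMEOUT_SECONDS):
    """Render Markdown to HTML with a size cap and a timeout on the renderer."""
    data = check_input_size(markdown, max_bytes)
    try:
        # subprocess.run kills the child and reaps it before raising TimeoutExpired,
        # so a runaway renderer does not linger after the limit is hit.
        proc = subprocess.run(list(renderer), input=data, capture_output=True,
                              timeout=timeout, check=False)
    except subprocess.TimeoutExpired as exc:
        raise RenderTimeout(
            f"renderer exceeded {timeout}s on a {len(data)}-byte input") from exc
    if proc.returncode != 0:
        raise RuntimeError(
            f"renderer exited with {proc.returncode}: {proc.stderr.decode(errors='replace')}")
    return proc.stdout.decode("utf-8")


def render_outcome(markdown, renderer=CMARK_GFM,
                   max_bytes=MAX_INPUT_BYTES, timeout=RENDER_TIMEOUT_SECONDS):
    """Classify what happened, for callers that log or meter rejected documents.

    Returns ("ok", html), ("too_large", None), ("timeout", None) or
    ("renderer_missing", None).
    """
    try:
        return "ok", render_markdown(markdown, renderer, max_bytes, timeout)
    except InputTooLarge:
        return "too_large", None
    except RenderTimeout:
        return "timeout", None
    except FileNotFoundError:
        return "renderer_missing", None


if __name__ == "__main__":
    # Constructed sample document; uses the real cmark-gfm binary if it is on PATH.
    status, html = render_outcome("# Hello\n\nA *small* document.\n")
    print(status)
    if html is not None:
        print(html, end="")
```

A "too_large" or "timeout" outcome is worth counting per client in a service, since a steady stream of rejected inputs is the signal a defender would want to see for this class of bug. The timeout alone is not a substitute for the size cap: the quadratic behaviour described above means the cost grows with input length, so bounding length keeps the renderer's work predictable, while the timeout only limits the damage when a bounded input is still unexpectedly slow.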
Exploit
Fix
DoS
Resource Exhaustion
Related identifiers
Affected products
Debian
Linuxmint
Ubuntu
Cmark-Gfm