CVE-2023-22484

Name of the Vulnerable Software and Affected Versions cmark-gfm versions prior to 0.29.0.gfm.7 cmark-gfm versions prior to 0.29.0.gfm.12

Description The issue concerns a polynomial time complexity problem in cmark-gfm, which may lead to unbounded resource exhaustion and subsequent denial of service. This problem affects multiple components, including autolink extension, handle close bracket, and parsing of certain text patterns, such as those starting with >, -, or . An out-of-bounds read was also identified in the validate protocol function, although it is considered less severe.

Recommendations For versions prior to 0.29.0.gfm.7, update to version 0.29.0.gfm.7 or later to resolve the issue. For versions prior to 0.29.0.gfm.12, update to version 0.29.0.gfm.12 to ensure all patches are applied. As a temporary workaround, consider validating input from trusted sources if upgrading is not immediately possible.