PT-2023-19806 · Cmark-Gfm+5

Nwellnhof · Published 2023-03-31 · Updated 2025-12-27 · CVE-2023-24824

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: cmark-gfm versions prior to 0.29.0.gfm.10

Description: A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. The issue is quadratic complexity when parsing text that begins with a large number of > or - characters.

Recommendations: Upgrade versions prior to 0.29.0.gfm.10 to version 0.29.0.gfm.10 or later to address the issue. Users who are unable to upgrade should validate that their input comes from trusted sources to minimize the risk of exploitation.

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related identifiers

ALSA-2025:8427
CESA-2025_8427
CVE-2023-24824
GHSA-66G8-4HJF-77XH
HSEC-2025-0007
INFSA-2025_8427
RHSA-2025:8427
RHSA-2025_8427
RSEC-2023-8

Affected products

Almalinux
Centos
Debian
Red Hat
Rocky Linux
Cmark-Gfm