PT-2023-21857 · Comrak · Comrak

Philipturnbull · Published 2023-03-28 · Updated 2023-04-29 · CVE-2023-28626

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: comrak versions prior to 0.17.0

Description: The issue concerns quadratic parsing problems in comrak, a CommonMark + GFM compatible Markdown parser and renderer written in Rust. These problems can be exploited to craft denial-of-service attacks against services that use comrak to parse Markdown.

Recommendations: For versions prior to 0.17.0, upgrade to version 0.17.0, which addresses the quadratic parsing issues. As a temporary workaround, consider restricting the use of comrak for parsing Markdown until the issue is resolved; in particular, avoid using comrak to parse potentially malicious Markdown input until the fix is in place.

Exploit

Fix

Resource Exhaustion


Weakness Enumeration

Related identifiers

CVE-2023-28626
GHSA-8HQF-XJWP-P67V

Affected products

Comrak