PT-2021-23142 · Snudown · Snudown

Sp3Nx0R · Published 2021-10-21 · Updated 2023-07-17 · CVE-2021-41168

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Snudown versions prior to 1.7.0

Description
Snudown, a reddit-specific fork of the Sundown Markdown parser, is vulnerable to denial of service through its reference table implementation. The hash table that stores Markdown reference definitions, such as [reference name]: https://www.example.com, uses a weak hash function, so an attacker can cheaply generate a large number of reference names that land in the same bucket. Every insertion and lookup then walks that one chain, turning the expected constant-time operation into a linear one: a hash-collision DoS, a type of algorithmic complexity attack. The table also appended duplicate definitions of the same reference name instead of merging them, so a document that repeats one reference many times lengthens the chain in the same way and makes every retrieval slow. Any user who can submit Markdown that the server renders (PR:L in the vector) can trigger this; confidentiality and integrity are not affected.

Recommendations
For versions prior to 1.7.0, update to version 1.7.0, which resolves the issue. As a temporary workaround, limit the number of reference definitions accepted in untrusted Markdown and reject documents that define the same reference name more than once, until the upgrade is in place.
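As an added illustration, not Snudown's code and not the project's real hash function or table size: a small C reference table with a deliberately weak, unseeded multiplicative hash next to the two mitigations the advisory describes, a seeded hash and rejection of duplicate definitions. The attacker-side generator shows why a multiplicative hash is dangerous: one two-character collision ("Aa" and "BB", the classic h*31+c collision) composes into 2^n colliding reference names. Bucket count, seed value, the hash functions and all reference names are assumptions chosen for the example.

```c
/* Added example (not Snudown's code): hash-collision DoS against a Markdown
 * reference table, and the seeded-hash + duplicate-rejection fix. The weak
 * hash, bucket count and seed are illustrative assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NBUCKETS 1024

typedef struct ref { char *name; struct ref *next; } ref;
typedef struct { ref *bucket[NBUCKETS]; uint32_t seed; int seeded, dedup; } reftable;

/* Weak, unseeded multiplicative hash (h = h*31 + c). "Aa" and "BB" collide
 * because 'A'*31+'a' == 'B'*31+'B' == 2112, and the equality survives
 * concatenation: any sequence of "Aa"/"BB" blocks hashes to the same value. */
uint32_t weak_hash(const char *s, size_t n) {
    uint32_t h = 0;
    for (size_t i = 0; i < n; i++) h = h * 31 + (unsigned char)s[i];
    return h;
}

/* Seeded FNV-1a with a MurmurHash3-style finalizer. A per-process seed the
 * attacker does not know means an offline-precomputed collision set no longer
 * maps to one bucket. (SipHash is the purpose-built choice; FNV keeps this short.) */
uint32_t seeded_hash(const char *s, size_t n, uint32_t seed) {
    uint32_t h = 2166136261u ^ seed;
    for (size_t i = 0; i < n; i++) { h ^= (unsigned char)s[i]; h *= 16777619u; }
    h ^= h >> 16; h *= 0x85ebca6bu; h ^= h >> 13; h *= 0xc2b2ae35u; h ^= h >> 16;
    return h;
}

static uint32_t table_hash(const reftable *t, const char *s) {
    size_t n = strlen(s);
    return t->seeded ? seeded_hash(s, n, t->seed) : weak_hash(s, n);
}

/* Attacker side: 2^pairs distinct names sharing one weak_hash() value, built
 * by picking "Aa" or "BB" for each block from the bits of the index. */
size_t gen_collisions(char ***out, unsigned pairs) {
    size_t count = (size_t)1 << pairs;
    char **names = malloc(count * sizeof *names);
    for (size_t i = 0; i < count; i++) {
        char *s = malloc(2 * pairs + 1);
        for (unsigned b = 0; b < pairs; b++)
            memcpy(s + 2 * b, ((i >> b) & 1) ? "BB" : "Aa", 2);
        s[2 * pairs] = '\0';
        names[i] = s;
    }
    *out = names;
    return count;
}

/* Insert one reference; returns the string comparisons spent. With dedup set,
 * an existing name is reused instead of appended, so repeating a definition
 * cannot grow the chain (the duplicate-entry issue in the advisory). */
size_t table_insert(reftable *t, const char *name) {
    ref **slot = &t->bucket[table_hash(t, name) % NBUCKETS];
    size_t cmps = 0;
    if (t->dedup)
        for (ref *r = *slot; r; r = r->next) {
            cmps++;
            if (strcmp(r->name, name) == 0) return cmps;
        }
    ref *r = malloc(sizeof *r);
    r->name = malloc(strlen(name) + 1);
    strcpy(r->name, name);
    r->next = *slot;              /* push at head: the oldest entry sits at the tail */
    *slot = r;
    return cmps;
}

/* Number of string comparisons a lookup of `name` performs. */
size_t table_lookup_cost(const reftable *t, const char *name) {
    size_t cmps = 0;
    for (ref *r = t->bucket[table_hash(t, name) % NBUCKETS]; r; r = r->next) {
        cmps++;
        if (strcmp(r->name, name) == 0) break;
    }
    return cmps;
}

size_t longest_chain(const reftable *t) {
    size_t best = 0;
    for (size_t b = 0; b < NBUCKETS; b++) {
        size_t len = 0;
        for (ref *r = t->bucket[b]; r; r = r->next) len++;
        if (len > best) best = len;
    }
    return best;
}

/* Insert every name and report the longest bucket chain afterwards. */
size_t fill_table(reftable *t, char **names, size_t n) {
    for (size_t i = 0; i < n; i++) table_insert(t, names[i]);
    return longest_chain(t);
}

int main(void) {
    char **names;
    size_t n = gen_collisions(&names, 10);            /* 1024 colliding names, 20 chars each */
    reftable weak  = { {0}, 0, 0, 0 };
    reftable fixed = { {0}, 0x5eed1234u, 1, 1 };      /* real code: seed from a CSPRNG at startup */
    size_t wc = fill_table(&weak, names, n), fc = fill_table(&fixed, names, n);
    printf("longest chain    weak=%zu fixed=%zu\n", wc, fc);
    printf("lookup compares  weak=%zu fixed=%zu (first reference defined)\n",
           table_lookup_cost(&weak, names[0]), table_lookup_cost(&fixed, names[0]));
    wc = fill_table(&weak, names, n); fc = fill_table(&fixed, names, n);   /* re-define all */
    printf("after duplicates weak=%zu fixed=%zu\n", wc, fc);
    return 0;
}
```

With 1024 generated names the weak table puts all of them in one bucket, so looking up the first-defined reference costs 1024 string comparisons and re-defining the references doubles the chain; the fixed table spreads them across buckets and absorbs the duplicates. Two caveats for anyone adapting this: the hard-coded seed exists only so the run is reproducible, and a seed that is fixed or guessable gives no protection, so take it from the OS CSPRNG at process start; and a seeded non-cryptographic hash mainly defeats precomputed collision sets, whereas a keyed hash designed for the purpose (SipHash) is the standard answer to hash flooding. Bounding the number of reference definitions accepted per document, as the workaround above suggests, remains worthwhile even with the better hash.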

Exploit · Fix

Tags: Use of a Broken Cryptographic Algorithm · RCE · Resource Exhaustion

Weakness Enumeration

Related Identifiers
CVE-2021-41168
GHSA-6GVV-9Q92-W5F6

Affected Products
Snudown