PT-2022-22315 · Mistune+1

Lepture · Published 2022-07-25 · Updated 2025-01-12 · CVE-2022-34749

CVSS v4.0: 8.8 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Mistune versions 2.0.2 and earlier

Description

Mistune implements its inline markup support with regular expressions. On certain edge cases these regular expressions perform a high amount of backtracking, a behavior commonly referred to as catastrophic backtracking.

Recommendations

For Mistune versions 2.0.2 and earlier, consider updating to a version that addresses the catastrophic backtracking in the regular expressions used for inline markup support. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Weakness Enumeration

Related Identifiers

AZL-10403
CVE-2022-34749
GHSA-FW3V-X4F2-V673
OPENSUSE-SU-2024:12350-1
OPENSUSE-SU-2024:13453-1
OPENSUSE-SU-2025:14637-1
PYSEC-2022-237
RHSA-2026:2711
RHSA-2026:2769

Affected Products

Debian
Mistune