PT-2023-19806 · Cmark-Gfm+5

Nwellnhof · Published 2023-03-31 · Updated 2025-12-27 · CVE-2023-24824

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

cmark-gfm versions prior to 0.29.0.gfm.10

Description

A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This issue is related to quadratic complexity when parsing text that leads with either large numbers of > or - characters.

Recommendations

For versions prior to 0.29.0.gfm.10, upgrade to version 0.29.0.gfm.10 or later to address the issue. For users unable to upgrade, validate that their input comes from trusted sources to minimize the risk of exploitation.
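
A version check for the affected range above, as an added example that is not part of the original advisory or of cmark-gfm. It compares upstream version strings numerically, because a plain string comparison ranks 0.29.0.gfm.9 above 0.29.0.gfm.10. The inventory and host names are constructed, and distribution packages may carry backported fixes under their own version numbers, so the comparison is assumed to apply to upstream version strings only.

```python
import re

# First fixed release according to the advisory: 0.29.0.gfm.10
FIXED = (0, 29, 0, 10)

# Upstream cmark-gfm versions look like MAJOR.MINOR.PATCH.gfm.N
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.gfm\.(\d+)")


def parse_gfm_version(text):
    """Turn '0.29.0.gfm.9' into (0, 29, 0, 9); reject any other shape."""
    m = _VERSION_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not an upstream cmark-gfm version: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version):
    """True when the version is prior to 0.29.0.gfm.10."""
    return parse_gfm_version(version) < FIXED


def triage(inventory):
    """Sort (name, version) pairs into affected / fixed / unknown buckets."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for name, version in inventory:
        try:
            bucket = "affected" if is_affected(version) else "fixed"
        except ValueError:
            # Not an upstream version string (for example a distro package
            # version): needs a manual check against the vendor advisory.
            bucket = "unknown"
        result[bucket].append(name)
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("docs-renderer", "0.29.0.gfm.9"),
    ("wiki-backend", "0.29.0.gfm.10"),
    ("ci-preview", "0.29.0.gfm.13"),
    ("legacy-blog", "0.28.3.gfm.19"),
    ("build-host", "0.29.0.gfm.6-6.el9"),
]

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Entries that land in the unknown bucket should be checked against the matching distribution advisory rather than assumed safe.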

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2025:8427
CESA-2025_8427
CVE-2023-24824
GHSA-66G8-4HJF-77XH
HSEC-2025-0007
INFSA-2025_8427
RHSA-2025:8427
RHSA-2025_8427
RSEC-2023-8

Affected Products

Almalinux
Centos
Debian
Red Hat
Rocky Linux
Cmark-Gfm