CVE-2023-22484 — Uncontrolled Resource Consumption in Github Cmark-gfm

CWE-400 — Uncontrolled Resource Consumption CWE-407 — Inefficient Algorithmic Complexity7 documents5 sources

Severity

7.5HIGHNVD

OSV6.5

EPSS

0.2%

top 54.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github Cmark-gfm Debian Cmark-gfm Debian Python-cmarkgfm +2 more

Timeline

PublishedJan 23

Latest updateMar 3

Description

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

▶NVDgithub/cmark-gfm< 0.29.0.gfm.7

▶Debiangithub/cmark-gfm< 0.29.0.gfm.13-1+1

▶Ubuntugithub/cmark-gfm< 0.29.0.gfm.0-4ubuntu0.1~esm1+2

▶debiandebian/cmark-gfm< cmark-gfm 0.29.0.gfm.13-1 (forky)

▶debiandebian/python-cmarkgfm< cmark-gfm 0.29.0.gfm.13-1 (forky)

🔴Vulnerability Details

OSV

cmark-gfm vulnerabilities↗2025-03-03

▶

OSV

Several quadratic complexity bugs may lead to denial of service in Commonmarker↗2023-01-24

▶

GHSA

Several quadratic complexity bugs may lead to denial of service in Commonmarker↗2023-01-24

▶

OSV

CVE-2023-22484: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C↗2023-01-23

▶

📋Vendor Advisories

Ubuntu

cmark-gfm vulnerabilities↗2025-03-03

▶

Debian

CVE-2023-22484: cmark-gfm - cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library ...↗2023

▶