CVE-2024-44337Infinite Loop in Gomarkdown Markdown

CWE-835Infinite Loop8 documents6 sources
Severity
5.1MEDIUMNVD
EPSS
4.0%
top 11.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Github.com Gomarkdown MarkdownDebian Golang-github-gomarkdown-markdownMsrc Cbl2 Cri-o 1.22.3-11 ON CBL Mariner 2.0+1 more
Timeline
PublishedOct 15
Latest updateDec 12

Description

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consu

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 2.5 | Impact: 2.5

Affected Packages4 packages

Gogithub.com/gomarkdown_markdown< 0.0.0-20240729212818-a2a9c4f76ef5

🔴Vulnerability Details

4
OSV
Infinite loop in github.com/gomarkdown/markdown2024-12-12
OSV
Infinite loop in github.com/gomarkdown/markdown2024-10-15
GHSA
Infinite loop in github.com/gomarkdown/markdown2024-10-15
OSV
CVE-2024-44337: The package `github2024-10-15

📋Vendor Advisories

3
Red Hat
gomarkdown/markdown: infinite loop via the paragraph function of parser/block.go2024-10-15
Microsoft
The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a2024-10-08
Debian
CVE-2024-44337: golang-github-gomarkdown-markdown - The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdow...2024