Github Cmark-Gfm vulnerabilities

CVE-2024-22051 [CRITICAL] CWE-190 CVE-2024-22051: CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnera CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

CVE-2023-37463 [HIGH] CWE-400 CVE-2023-37463: cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized ver cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12.

CVE-2023-26485 [HIGH] CWE-400 CVE-2023-26485: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `_` characters. This issue ha

CVE-2023-24824 [HIGH] CWE-400 CVE-2023-24824: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This i

CVE-2023-22486 [HIGH] CWE-400 CVE-2023-22486: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Ve cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.

CVE-2023-22485 [MEDIUM] CWE-125 CVE-2023-22485: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any

CVE-2023-22483 [HIGH] CWE-400 CVE-2023-22483: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Ve cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the ru

CVE-2023-22484 [HIGH] CWE-400 CVE-2023-22484: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Ve cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.

CVE-2022-39209 [MEDIUM] CWE-400 CVE-2022-39209: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "

CVE-2022-24724 [CRITICAL] CWE-190 CVE-2022-24724: cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to ver cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this he

CVE-2020-5238 [MEDIUM] CWE-20 CVE-2020-5238: The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to p The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.