CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-22051 – CommonMarker Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2024-22051
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns. Las versiones de CommonMarker anteriores a la 0.23.4 corren el riesgo de sufrir una vulnerabilidad de desbordamiento de enteros. Esta vulnerabilidad puede provocar que atacantes remotos posiblemente no autenticados provoquen daños en la memoria del montón, lo que podría provocar una fuga de información o la ejecución remota de código, a través de tablas de análisis con filas de marcadores que contienen más de columnas UINT16_MAX. • https://github.com/advisories/GHSA-fmx4-26r3-wxpf https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3 https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37463 – Quadratic complexity bugs may lead to a denial of service
https://notcve.org/view.php?id=CVE-2023-37463
cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12. • https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.12 https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24824 – Quadratic complexity may lead to a denial of service in cmark-gfm
https://notcve.org/view.php?id=CVE-2023-24824
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. • https://github.com/github/cmark-gfm/commit/2300c1bd2c8226108885bf019655c4159cf26b59 https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26485 – Quadratic complexity may lead to a denial of service in cmark-gfm
https://notcve.org/view.php?id=CVE-2023-26485
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `_` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. • https://github.com/github/cmark-gfm/commit/07a66c9bc341f902878e37d7da8647d6ef150987 https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22486 – cmark-gfm Quadratic complexity bug in handle_close_bracket may lead to a denial of service
https://notcve.org/view.php?id=CVE-2023-22486
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7. cmark-gfm es la bifurcación de GitHub de cmark, una librería y programa de análisis y representación de CommonMark en C. Las versiones anteriores a 0.29.0.gfm.7 contienen un problema de complejidad de tiempo polinomial en handle_close_bracket que puede provocar un agotamiento ilimitado de los recursos y una posterior denegación de servicio. Esta vulnerabilidad ha sido parcheada en 0.29.0.gfm.7. • https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •