CVSS: 10.0EPSS: 7%CPEs: 3EXPL: 0CVE-2024-22051 – CommonMarker Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2024-22051
04 Jan 2024 — CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns. Las versiones de CommonMarker anteriores a la 0.23.4 corren el riesgo de sufrir una vulnerabilidad de desbordamiento de enteros. Esta vulnerabilidad puede provocar que ... • https://github.com/advisories/GHSA-fmx4-26r3-wxpf • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37463 – Quadratic complexity bugs may lead to a denial of service
https://notcve.org/view.php?id=CVE-2023-37463
13 Jul 2023 — cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12. • https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.12 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24824 – Quadratic complexity may lead to a denial of service in cmark-gfm
https://notcve.org/view.php?id=CVE-2023-24824
31 Mar 2023 — cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. • https://github.com/github/cmark-gfm/commit/2300c1bd2c8226108885bf019655c4159cf26b59 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26485 – Quadratic complexity may lead to a denial of service in cmark-gfm
https://notcve.org/view.php?id=CVE-2023-26485
31 Mar 2023 — cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `_` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. • https://github.com/github/cmark-gfm/commit/07a66c9bc341f902878e37d7da8647d6ef150987 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22486 – cmark-gfm Quadratic complexity bug in handle_close_bracket may lead to a denial of service
https://notcve.org/view.php?id=CVE-2023-22486
24 Jan 2023 — cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7. cmark-gfm es la bifurcación de GitHub de cmark, una librería y programa de análisis y representación de CommonMark en C. Las versiones anteriores a 0.29.0.gfm.7 contienen un problema... • https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22485 – cmark-gfm out-of-bounds read in validate_protocol
https://notcve.org/view.php?id=CVE-2023-22485
24 Jan 2023 — cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7. cmmark-gfm es la bifurcación de GitHub de cmark, una librería y programa de análisis y repre... • https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr • CWE-91: XML Injection (aka Blind XPath Injection) CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22484 – Inefficient Quadratic complexity bug in handle_pointy_brace may lead to a denial of service
https://notcve.org/view.php?id=CVE-2023-22484
23 Jan 2023 — cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7. cmark-gfm es la bifurcación de GitHub de cmark, una librería y programa de análisis y representación de CommonMark en C. Las versiones anteriores a 0.29.0.gfm.7 están sujetas a un proble... • https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22483 – cmark-gfm Quadratic complexity bugs may lead to a denial of service
https://notcve.org/view.php?id=CVE-2023-22483
23 Jan 2023 — cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7. cmark-gfm es la bifurcación de GitHub de cmark, una libr... • https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2022-39209 – Uncontrolled Resource Consumption in cmark-gfm
https://notcve.org/view.php?id=CVE-2022-39209
15 Sep 2022 — cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. • https://en.wikipedia.org/wiki/Time_complexity • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 2CVE-2022-24724 – Integer overflow in table parsing extension leads to heap memory corruption
https://notcve.org/view.php?id=CVE-2022-24724
03 Mar 2022 — cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote ... • https://packetstorm.news/files/id/166599 • CWE-190: Integer Overflow or Wraparound •