Описание
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| cmark-gfm | fixed | 0.29.0.gfm.13-1 | package | |
| cmark-gfm | ignored | bookworm | package | |
| cmark-gfm | no-dsa | bullseye | package | |
| cmark-gfm | no-dsa | buster | package | |
| python-cmarkgfm | fixed | 2024.11.20-1 | package | |
| python-cmarkgfm | no-dsa | bookworm | package | |
| python-cmarkgfm | no-dsa | bullseye | package | |
| python-cmarkgfm | no-dsa | buster | package | |
| r-cran-commonmark | fixed | 1.9.0-1 | package | |
| r-cran-commonmark | ignored | bookworm | package | |
| r-cran-commonmark | no-dsa | bullseye | package | |
| r-cran-commonmark | no-dsa | buster | package | |
| ruby-commonmarker | fixed | 0.23.10-1 | package | |
| ruby-commonmarker | ignored | bookworm | package | |
| ruby-commonmarker | no-dsa | bullseye | package | |
| ruby-commonmarker | no-dsa | buster | package |
Примечания
https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c
https://github.com/theacodes/cmarkgfm/commit/acf473a51a9dc3a4fd6d6a4b30e4d80c94d91d4a (2024.1.14)
r-cran-commonmark: https://github.com/r-lib/commonmark/commit/e7a1703cf293eaa898e6f0cf07d278cfb05590eb (v1.9.0)
Связанные уязвимости
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7.
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7.