Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-39209

Опубликовано: 15 сент. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 7.5

Описание

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. This vulnerability has been patched in 0.29.0.gfm.6. Users are advised to upgrade. Users unable to upgrade should disable the use of the autolink extension.

РелизСтатусПримечание
bionic

DNE

devel

not-affected

esm-apps/focal

released

0.29.0.gfm.0-4ubuntu0.1~esm1
esm-apps/jammy

released

0.29.0.gfm.3-3ubuntu0.1~esm1
esm-apps/noble

not-affected

focal

ignored

end of standard support, was needed
jammy

needed

kinetic

ignored

end of life, was needs-triage
lunar

ignored

end of life, was needs-triage
mantic

ignored

end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 78%
0.01103
Низкий

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2022-39209

CVSS3: 6.5
redhat
больше 3 лет назад

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. This vulnerability has been patched in 0.29.0.gfm.6. Users are advised to upgrade. Users unable to upgrade should disable the use of the autolink extension.

nvd логотип

CVE-2022-39209

CVSS3: 7.5
nvd
больше 3 лет назад

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. This vulnerability has been patched in 0.29.0.gfm.6. Users are advised to upgrade. Users unable to upgrade should disable the use of the autolink extension.

debian логотип

CVE-2022-39209

CVSS3: 7.5
debian
больше 3 лет назад

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...

EPSS

Процентиль: 78%
0.01103
Низкий

7.5 High

CVSS3