CVE-2023-42821

Published: 22 Sep 2023
Source: ubuntu
Priority: medium
EPSS: Low
CVSS3: 7.5

Description

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering it as HTML. Prior to pseudoversion 0.0.0-20230922105210-14b16010c2ee, which corresponds to commit 14b16010c2ee7ff33a940a541d993bd043a88940, parsing malformed Markdown input with a parser that uses the parser.Mmark extension could result in an out-of-bounds read. To exploit the vulnerability, the parser needs to have the parser.Mmark extension set. The panic occurs in the citation.go file on line 69, when the parser tries to access an element past its length. This can result in a denial of service. Commit 14b16010c2ee7ff33a940a541d993bd043a88940/pseudoversion 0.0.0-20230922105210-14b16010c2ee contains a patch for this issue.

| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
| noble | needs-triage | |
| oracular | ignored | end of life, was needs-triage |

EPSS: 0.00369 (percentile: 58%, Low)

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
nvd
more than 2 years ago

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering it as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds to commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed Markdown input with a parser that uses the `parser.Mmark` extension could result in an out-of-bounds read. To exploit the vulnerability, the parser needs to have the `parser.Mmark` extension set. The panic occurs in the `citation.go` file on line 69, when the parser tries to access an element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue.

CVSS3: 7.5
msrc
almost 2 years ago

No description available

CVSS3: 7.5
debian
more than 2 years ago

The package `github.com/gomarkdown/markdown` is a Go library for parsi ...

CVSS3: 7.5
github
more than 2 years ago

Markdown vulnerable to Out-of-bounds Read while parsing citations
