CVE-2024-44337

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-44337
The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.

5.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/Brinmon/CVE-2024-44337
https://github.com/gomarkdown/markdown/commit/a2a9c4f76ef5a5c32108e36f7c47f8d310322252
Configurations

No configuration.

History

14 Nov 2024, 16:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.1

16 Oct 2024, 16:38

Type Values Removed Values Added
Summary
  • (es) El paquete `github.com/gomarkdown/markdown` es una librería Go para analizar texto Markdown y representarlo como HTML. Antes de la pseudoversión `v0.0.0-20240729232818-a2a9c4f`, que corresponde con el commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, había un problema lógico en la función de párrafo del archivo parser/block.go, que permitía a un atacante remoto provocar una condición de denegación de servicio (DoS) al proporcionar una entrada personalizada que causaba un bucle infinito, lo que hacía que el programa se colgara y consumiera recursos indefinidamente. La publicación `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contiene correcciones a este problema.

15 Oct 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-15 20:15

Updated : 2024-11-14 16:35

NVD link : CVE-2024-44337

Mitre link : CVE-2024-44337

CVE.ORG link : CVE-2024-44337

JSON object : View

Products Affected

No product.

CWE

No CWE.