CVE-2023-22483 LOW

CVE-2023-22483: cmark-gfm Quadratic complexity bugs may lead to a denial of service

Vendor Github
Product cmark-gfm
Weakness CWE-400
Published January 23, 2023
Last update March 10, 2025

CVSS base score

3.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

Description

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and command-line program written in C. Versions prior to 0.29.0.gfm.7 contain several polynomial-time complexity issues that can lead to unbounded resource exhaustion and denial of service: certain inputs, when fed to cmark-gfm at large sizes, make the running time grow quadratically with input length, so an attacker who controls the Markdown being rendered can tie up CPU time out of proportion to the bytes submitted. These issues are patched in version 0.29.0.gfm.7. Until the upgrade is in place, bound the size of untrusted Markdown and render it under a time limit or in an isolated worker, since a single large document is enough to trigger the behaviour.
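The following is an added example, not code from cmark-gfm or from the advisory. It shows the general pattern behind this class of bug (a parser that rescans the rest of the input for every opener, so unmatched openers cost O(n^2)), a linear single-pass equivalent, and the deterministic check a practitioner would run to confirm that a complexity fix actually changed the growth rate. The bracket scanner is a constructed toy and is not the construct that was slow in cmark-gfm; the step counter stands in for wall-clock time so the check is reproducible.

```python
"""Added example (not cmark-gfm code): detecting superlinear parse cost.

Both parsers pair each '[' with the nearest following ']' that no earlier
opener has claimed, and return (pairs, steps), where steps counts the
characters examined.  The quadratic version is a constructed toy that
reproduces the rescan-per-opener pattern; the growth-exponent check is the
part you would point at a real parser (via a binding, timing instead of
counting steps) to verify a fix such as the one in 0.29.0.gfm.7.
"""
from collections import deque
import math


def pair_brackets_quadratic(text):
    """For every '[' scan forward for the nearest unused ']'.

    Input consisting only of openers ("[" * n) makes every opener rescan
    to the end of the text, so steps grow as n*(n+1)/2."""
    steps = 0
    used = set()
    pairs = []
    for i, ch in enumerate(text):
        steps += 1
        if ch != '[':
            continue
        j = i + 1
        while j < len(text):
            steps += 1
            if text[j] == ']' and j not in used:
                used.add(j)
                pairs.append((i, j))
                break
            j += 1
    return pairs, steps


def pair_brackets_linear(text):
    """Single pass: pending '[' positions sit in a queue and each ']' pairs
    with the earliest pending opener, which yields the same pairs as the
    quadratic version while examining every character exactly once."""
    pending = deque()
    pairs = []
    steps = 0
    for i, ch in enumerate(text):
        steps += 1
        if ch == '[':
            pending.append(i)
        elif ch == ']' and pending:
            pairs.append((pending.popleft(), i))
    return pairs, steps


def growth_exponent(parse, make_input, n1, n2):
    """Estimate k in steps ~ n**k from two input sizes (log-log slope).
    A value near 1 is linear; near 2 is quadratic."""
    _, s1 = parse(make_input(n1))
    _, s2 = parse(make_input(n2))
    return math.log(s2 / s1) / math.log(n2 / n1)


def parse_within_limit(text, parse, max_bytes):
    """Interim mitigation for untrusted input: refuse documents above a
    size bound before handing them to a parser with known superlinear
    worst cases.  (Hypothetical helper, not a cmark-gfm API.)"""
    if len(text.encode("utf-8")) > max_bytes:
        raise ValueError("document exceeds %d bytes" % max_bytes)
    return parse(text)


if __name__ == "__main__":
    # Constructed worst case: only unmatched openers.
    worst = lambda n: "[" * n
    print("quadratic parser exponent:",
          round(growth_exponent(pair_brackets_quadratic, worst, 1000, 2000), 3))
    print("linear parser exponent:   ",
          round(growth_exponent(pair_brackets_linear, worst, 1000, 2000), 3))
```

Doubling the input from 1000 to 2000 bytes roughly quadruples the work of the rescanning parser (exponent close to 2) and exactly doubles it for the single-pass one (exponent 1). Run the same measurement before and after upgrading a real renderer; if the exponent does not drop, the fix did not reach the construct your inputs exercise.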

Key dates

Disclosure timeline

January 23, 2023 CVE published
March 10, 2025 Record updated