CVE-2023-22484 LOW

CVE-2023-22484: Inefficient Quadratic complexity bug in handle_pointy_brace may lead to a denial of service

Vendor GitHub
Product cmark-gfm
Weakness CWE-400
Published January 23, 2023
Last update March 10, 2025

CVSS base score

3.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program written in C. Versions prior to 0.29.0.gfm.7 contain a quadratic time complexity issue in handle_pointy_brace: parsing work can grow quadratically with the size of crafted input, which may lead to unbounded resource exhaustion (CWE-400) and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.
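The following is an added illustration of the bug class, not code from cmark-gfm or from this advisory. It models a "pointy brace" scanner that rescans forward from every `<` (quadratic in the worst case) beside a linear rewrite with the same matching behaviour, adds a doubling test that tells the two apart by counting work rather than timing, and checks a cmark-gfm version string against the fixed release named above. The scanner semantics, the constructed input `"<" * n`, the example version strings, and the assumed `MAJOR.MINOR.PATCH.gfm.N` version form are all assumptions of the example.

```python
"""Added illustration for the CVE-2023-22484 bug class: a toy angle-bracket
scanner with a quadratic worst case, a linear rewrite, a doubling test that
measures the difference, and a check of a cmark-gfm version string against the
patched release. None of this is cmark-gfm's own code; the scanner semantics
are a constructed model, not handle_pointy_brace."""

from typing import Callable, Tuple


def scan_pointy_naive(text: str) -> Tuple[int, int]:
    """Quadratic model: on every '<', scan forward for a closing '>'.
    Returns (pairs_found, steps_taken). If no '>' exists, every '<' rescans
    the whole tail, so '<' * n costs about n*n/2 steps."""
    n, i, pairs, steps = len(text), 0, 0, 0
    while i < n:
        steps += 1
        if text[i] == "<":
            j = i + 1
            while j < n and text[j] != ">":
                steps += 1
                j += 1
            if j < n:           # closing '>' found: consume the pair
                pairs += 1
                i = j + 1
                continue
        i += 1                  # no match: advance one char; later '<' rescan the same tail
    return pairs, steps


def scan_pointy_linear(text: str) -> Tuple[int, int]:
    """Linear rewrite with the same pair semantics: one right-to-left pass records
    the next '>' at or after each index, so each '<' resolves in O(1)."""
    n, steps = len(text), 0
    next_gt = [-1] * (n + 1)
    for i in range(n - 1, -1, -1):
        steps += 1
        next_gt[i] = i if text[i] == ">" else next_gt[i + 1]
    i, pairs = 0, 0
    while i < n:
        steps += 1
        if text[i] == "<":
            j = next_gt[i + 1]
            if j != -1:
                pairs += 1
                i = j + 1
                continue
        i += 1
    return pairs, steps


def unclosed_brackets(n: int) -> str:
    """Constructed worst case for the naive scanner: many '<', never a '>'."""
    return "<" * n


def growth_ratio(scanner: Callable[[str], Tuple[int, int]],
                 make_input: Callable[[int], str], n: int) -> float:
    """Doubling test: steps(2n) / steps(n). About 2 means linear, about 4 quadratic."""
    _, steps_n = scanner(make_input(n))
    _, steps_2n = scanner(make_input(2 * n))
    return steps_2n / steps_n


def classify(ratio: float) -> str:
    """Label a doubling ratio; the 3.0 threshold sits between the two ideal values."""
    return "quadratic" if ratio > 3.0 else "linear"


FIXED_VERSION = (0, 29, 0, 7)   # 0.29.0.gfm.7, the release the advisory names as patched


def is_fixed(version: str) -> bool:
    """True if a cmark-gfm version string is at or past 0.29.0.gfm.7.
    Assumes the MAJOR.MINOR.PATCH.gfm.N form used in the advisory."""
    parts = version.strip().split(".")
    if len(parts) != 5 or parts[3] != "gfm":
        raise ValueError(f"unrecognised cmark-gfm version string: {version!r}")
    major, minor, patch, _, gfm = parts
    return (int(major), int(minor), int(patch), int(gfm)) >= FIXED_VERSION


if __name__ == "__main__":
    for name, scanner in (("naive", scan_pointy_naive), ("linear", scan_pointy_linear)):
        ratio = growth_ratio(scanner, unclosed_brackets, 1000)
        print(f"{name:6s} doubling ratio {ratio:.2f} -> {classify(ratio)}")
    for v in ("0.29.0.gfm.6", "0.29.0.gfm.7"):   # illustrative version strings
        print(f"{v}: {'fixed' if is_fixed(v) else 'affected'}")
```

Counting steps instead of wall-clock time keeps the doubling test deterministic; the same idea applied to a real parser (feed it inputs of size n and 2n and compare the time) is how a quadratic handler like the one in this advisory shows up during fuzzing or regression testing.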

Key dates

02 Disclosure timeline

January 23, 2023 CVE published
March 10, 2025 Record updated