CVE-2023-37463 MEDIUM

CVE-2023-37463: Quadratic complexity bugs may lead to a denial of service

Vendor GitHub
Product cmark-gfm
Weakness CWE-400
Published July 13, 2023
Last update October 30, 2024

CVSS base score

6.4/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

Description

cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12.

Key dates

Disclosure timeline

July 13, 2023 CVE published
October 30, 2024 Record updated