CVE-2025-12983

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-12983
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-12983.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-12983
Aliases
Downstream
Related
Published
2025-11-15T08:13:32.098Z
Modified
2025-11-21T09:52:50.778723Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L CVSS Calculator
Summary
Memory Allocation with Excessive Size Value in GitLab
Details

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a denial of service condition by submitting specially crafted markdown content with nested formatting patterns.

Database specific 
{
    "cwe_ids": [
        "CWE-789"
    ]
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
76326ae8b898b38c8217ad037ed7122be00e62f0
Fixed
424c6d1f82a9a32df34d8059f2dadc30d356ff65
Database specific 
{
    "versions": [
        {
            "introduced": "16.9"
        },
        {
            "fixed": "18.3.6"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
9255f56b45844196bb7657a9f1fde6aa65a5d08d
Fixed
e2798305dc3604e272e12a319a932e96c3540374
Database specific 
{
    "versions": [
        {
            "introduced": "18.4"
        },
        {
            "fixed": "18.4.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
37cc4da7158316bb9b204cef9b056f16fff1df32
Fixed
cb961538ba8e451246e168e7bbd5b1e04f69102a
Database specific 
{
    "versions": [
        {
            "introduced": "18.5"
        },
        {
            "fixed": "18.5.2"
        }
    ]
}

Affected versions

v18.*

v18.4.0-ee
v18.4.1-ee
v18.4.2-ee
v18.4.3-ee
v18.5.0-ee
v18.5.1-ee