CVE-2023-42821

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-42821
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-42821.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-42821
Aliases
Related
Published
2023-09-22T17:15:14Z
Modified
2024-10-12T11:05:56.456731Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion 0.0.0-20230922105210-14b16010c2ee, which corresponds with commit 14b16010c2ee7ff33a940a541d993bd043a88940, parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability. To exploit the vulnerability, parser needs to have parser.Mmark extension set. The panic occurs inside the citation.go file on the line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit 14b16010c2ee7ff33a940a541d993bd043a88940/pseudoversion 0.0.0-20230922105210-14b16010c2ee contains a patch for this issue.

References

Affected packages

Debian:12 / golang-github-gomarkdown-markdown

Package

Name
golang-github-gomarkdown-markdown
Purl
pkg:deb/debian/golang-github-gomarkdown-markdown?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20220731.dcdaee8-2
0.0~git20231115.a660076-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / golang-github-gomarkdown-markdown

Package

Name
golang-github-gomarkdown-markdown
Purl
pkg:deb/debian/golang-github-gomarkdown-markdown?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.0~git20231115.a660076-1

Affected versions

0.*

0.0~git20220731.dcdaee8-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gomarkdown/markdown

Affected ranges

Type
GIT
Repo
https://github.com/gomarkdown/markdown
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed