DEBIAN-CVE-2024-44337
- Source
- https://security-tracker.debian.org/tracker/CVE-2024-44337
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-44337.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-44337
- Upstream
- Published
- 2024-10-15T20:15:21Z
- Modified
- 2025-10-10T19:30:50.731069Z
- Severity
-
- 5.1 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
The package
github.com/gomarkdown/markdownis a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversionv0.0.0-20240729232818-a2a9c4f, which corresponds with commita2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submita2a9c4f76ef5a5c32108e36f7c47f8d310322252contains fixes to this problem. - References
Affected packages
Debian:12 / golang-github-gomarkdown-markdown
Package
- Name
- golang-github-gomarkdown-markdown
- Purl
- pkg:deb/debian/golang-github-gomarkdown-markdown?arch=source
Debian:13 / golang-github-gomarkdown-markdown
Package
- Name
- golang-github-gomarkdown-markdown
- Purl
- pkg:deb/debian/golang-github-gomarkdown-markdown?arch=source
Debian:14 / golang-github-gomarkdown-markdown
Package
- Name
- golang-github-gomarkdown-markdown
- Purl
- pkg:deb/debian/golang-github-gomarkdown-markdown?arch=source