CVE-2023-22484

Summary

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.

Affected Software

VendorProductVersion RangeStatus
githubcmark-gfm< 0.29.0.gfm.7affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption
  • CWE-407: CWE-407: Inefficient Algorithmic Complexity

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References