CVE-2024-44337
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-44337
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-44337.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-44337
- Aliases
- Related
- Published
- 2024-10-15T20:15:21Z
- Modified
- 2024-12-12T15:57:46.252688Z
- Summary
- [none]
- Details
-
The package
github.com/gomarkdown/markdownis a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversionv0.0.0-20240729232818-a2a9c4f, which corresponds with commita2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submita2a9c4f76ef5a5c32108e36f7c47f8d310322252contains fixes to this problem. - References
Affected packages
Debian:12 / golang-github-gomarkdown-markdown
Package
- Name
- golang-github-gomarkdown-markdown
- Purl
- pkg:deb/debian/golang-github-gomarkdown-markdown?arch=source
Debian:13 / golang-github-gomarkdown-markdown
Package
- Name
- golang-github-gomarkdown-markdown
- Purl
- pkg:deb/debian/golang-github-gomarkdown-markdown?arch=source