UBUNTU-CVE-2024-44337

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-44337

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-44337.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-44337

Related

CVE-2024-44337

Published

2024-10-15T20:15:00Z

Modified

2025-01-13T10:25:59Z

Summary

[none]

Details

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit a2a9c4f76ef5a5c32108e36f7c47f8d310322252 contains fixes to this problem.

References

Affected packages

Ubuntu:24.10 / golang-github-gomarkdown-markdown

Package

Name: golang-github-gomarkdown-markdown
Purl: pkg:deb/ubuntu/golang-github-gomarkdown-markdown@0.0~git20231115.a660076-1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20231115.a660076-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / golang-github-gomarkdown-markdown

Package

Name: golang-github-gomarkdown-markdown
Purl: pkg:deb/ubuntu/golang-github-gomarkdown-markdown@0.0~git20231115.a660076-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20220731.dcdaee8-2

0.0~git20231115.a660076-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}