Security Advisories

CVE-2024-44337

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-44337

CGA ID

CGA-8wqp-gwg8-9rpj

Severity

5.1

Medium

CVSS V3

Summary

Infinite loop in github.com/gomarkdown/markdown

Description

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering it as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds to commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, a logic error in the paragraph function of parser/block.go allowed a remote attacker to cause a denial of service (DoS) by supplying crafted input that sends the parser into an infinite loop, so the program hangs and consumes resources indefinitely. Commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252 contains the fix for this problem.
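A check for the affected range described above, as an added example (not Chainguard's or the gomarkdown project's code): it reads go.mod text and compares the module's pseudo-version timestamp with the fixed one. It assumes the module is required by a v0.0.0 pseudo-version and does not resolve replace directives; the sample go.mod in main is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Module path and fix timestamp are taken from the advisory text.
const (
	modulePath     = "github.com/gomarkdown/markdown"
	fixedTimestamp = "20240729232818"
)

// pseudoRe matches a v0.0.0 pseudo-version and captures its 14-digit timestamp.
var pseudoRe = regexp.MustCompile(`^v0\.0\.0-(\d{14})-[0-9a-f]{12}$`)

// CheckGoMod scans go.mod text and returns "vulnerable", "fixed",
// "unknown" (not a v0.0.0 pseudo-version) or "absent" (module not required).
func CheckGoMod(gomod string) string {
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := sc.Text()
		if i := strings.Index(line, "//"); i >= 0 {
			line = line[:i] // drop trailing comments such as "// indirect"
		}
		fields := strings.Fields(line)
		if len(fields) > 0 && fields[0] == "require" {
			fields = fields[1:] // single-line form: require <path> <version>
		}
		if len(fields) < 2 || fields[0] != modulePath {
			continue
		}
		m := pseudoRe.FindStringSubmatch(fields[1])
		if m == nil {
			return "unknown"
		}
		if m[1] < fixedTimestamp { // equal-length digit strings sort chronologically
			return "vulnerable"
		}
		return "fixed"
	}
	return "absent"
}

func main() {
	// Constructed go.mod; the commit hash in this version string is made up.
	sample := "module example.com/app\n\nrequire (\n\tgithub.com/gomarkdown/markdown v0.0.0-20240101000000-0123456789ab // indirect\n)\n"
	fmt.Println(modulePath, "is", CheckGoMod(sample))
}
```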

References

Affected packages

