Description

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.

INFO

Published Date :

2024-10-15T00:00:00.000Z

Last Modified :

2024-11-14T16:11:29.351Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-44337 vulnerability.

Vendors Products
Gomarkdown
  • Markdown
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-44337.

URL Resource
https://github.com/Brinmon/CVE-2024-44337 cve-icon cve-icon cve-icon
https://github.com/gomarkdown/markdown/commit/a2a9c4f76ef5a5c32108e36f7c47f8d310322252 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-44337 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-44337 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact