[Bug 1207438] New: VUL-0: CVE-2023-22484: ghc-cmark-gfm: cmark-gfm: quadratic complexity bug in handle_pointy_brace may lead to a denial of service
http://bugzilla.opensuse.org/show_bug.cgi?id=1207438

Bug ID: 1207438
Summary: VUL-0: CVE-2023-22484: ghc-cmark-gfm: cmark-gfm: quadratic complexity bug in handle_pointy_brace may lead to a denial of service
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.4
Hardware: Other
URL: https://smash.suse.de/issue/354903/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: peter.simons@suse.com
Reporter: thomas.leroy@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2023-22484

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22484
https://www.cve.org/CVERecord?id=CVE-2023-22484
https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1207438
http://bugzilla.opensuse.org/show_bug.cgi?id=1207438#c1

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

What     |Removed                     |Added
----------------------------------------------------------------------------
CC       |                            |Andreas.Stieger@gmx.de,
         |                            |kgronlund@suse.com,
         |                            |mimi.vx@gmail.com,
         |                            |peter.simons@suse.com,
         |                            |security-team@suse.de
Assignee |peter.simons@suse.com       |kgronlund@suse.com
Summary  |VUL-0: CVE-2023-22484:      |VUL-0: CVE-2023-22484:
         |ghc-cmark-gfm: cmark-gfm:   |cmark,ghc-cmark-gfm:
         |quadratic complexity bug in |quadratic complexity bug in
         |handle_pointy_brace may     |handle_pointy_brace may
         |lead to a denial of service |lead to a denial of service
Flags    |                            |needinfo?(security-team@suse.de)

--- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
security team, check SUSE:SLE-15-SP4:GA/cmark
https://github.com/commonmark/cmark/releases/tag/0.30.3

http://bugzilla.opensuse.org/show_bug.cgi?id=1207438
http://bugzilla.opensuse.org/show_bug.cgi?id=1207438#c2

--- Comment #2 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
https://build.opensuse.org/request/show/1072818