Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-42821

Date: September 22, 2023

The package "github.com/gomarkdown/markdown" is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion "0.0.0-20230922105210-14b16010c2ee", which corresponds with commit "14b16010c2ee7ff33a940a541d993bd043a88940", parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability. To exploit the vulnerability, parser needs to have "parser.Mmark" extension set. The panic occurs inside the "citation.go" file on the line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit "14b16010c2ee7ff33a940a541d993bd043a88940"/pseudoversion "0.0.0-20230922105210-14b16010c2ee" contains a patch for this issue.

Language: Go

Severity Score

Related Resources (7)

https://github.com/gomarkdown/markdown/security/advisories/GHSA-m9xq-6h2j-65r2
https://security-tracker.debian.org/tracker/CVE-2023-42821
https://github.com/gomarkdown/markdown
https://github.com/gomarkdown/markdown/blob/7478c230c7cd3e7328803d89abe591d0b61c41e4/parser/citation.go#L69
https://nvd.nist.gov/vuln/detail/CVE-2023-42821
https://github.com/gomarkdown/markdown/commit/14b16010c2ee7ff33a940a541d993bd043a88940
https://www.mend.io/vulnerability-database/CVE-2023-42821

Severity Score

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us