Home > Vulnerability Database > CVE-2024-44337

Mend.io Vulnerability Database

CVE-2024-44337

Date: October 14, 2024

The package "github.com/gomarkdown/markdown" is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion "v0.0.0-20240729232818-a2a9c4f", which corresponds with commit "a2a9c4f76ef5a5c32108e36f7c47f8d310322252", there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit "a2a9c4f76ef5a5c32108e36f7c47f8d310322252" contains fixes to this problem.

Language: Go

Severity Score

5.1

Related Resources (8)

Url: https://github.com/advisories/GHSA-xhr3-wf7j-h255

Url: https://github.com/gomarkdown/markdown

Url: https://pkg.go.dev/vuln/GO-2024-3205

Url: https://github.com/gomarkdown/markdown/commit/a2a9c4f76ef5a5c32108e36f7c47f8d310322252

Url: https://security-tracker.debian.org/tracker/CVE-2024-44337

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-44337

Url: https://github.com/Brinmon/CVE-2024-44337

Url: https://www.mend.io/vulnerability-database/CVE-2024-44337

Severity Score

5.1

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

CVSS v3.1

Base Score:	5.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-44337

Date: October 14, 2024

Language: Go

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?