Home > Vulnerability Database > CVE-2024-44337

Mend.io Vulnerability Database

CVE-2024-44337

Good to know:

Date: October 14, 2024

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.

Language: Go

Severity Score

5.1

Related Resources (5)

Url: https://github.com/gomarkdown/markdown

Url: https://github.com/gomarkdown/markdown/commit/a2a9c4f76ef5a5c32108e36f7c47f8d310322252

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-44337

Url: https://github.com/Brinmon/CVE-2024-44337

Url: https://www.mend.io/vulnerability-database/CVE-2024-44337

Severity Score

5.1

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

Top Fix

Upgrade Version

Upgrade to version github.com/gomarkdown/markdown-a2a9c4f76ef5a5c32108e36f7c47f8d310322252

Learn More

CVSS v3.1

Base Score:	5.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-44337

Good to know:

Date: October 14, 2024

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?