VDB

CVE-2023-22486

CVE-2023-22486 PUBLISHED CVSS 3.5 LOW

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.

EPSS 0.12% · 30.9th percentile

Risk Scores

CVSS v3.1
3.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.12%
30.9th percentile

Affected Products

VendorProductVersions
githubcmark-gfm< 0.29.0.gfm.7, 0, < 0.29.0.gfm.7

Timeline

  • Jan 24, 2023 EPSS Score
  • Jan 24, 2023 CVE Published
  • Mar 5, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 15, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Jul 4, 2023 EPSS Score
  • Aug 14, 2023 EPSS Score
  • Sep 23, 2023 EPSS Score
  • Nov 2, 2023 EPSS Score
  • Dec 13, 2023 EPSS Score
  • Jan 22, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›