CVE-2024-44337 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-44337 PUBLISHED CVSS 6.900000095367432 MEDIUM

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.

EPSS 4.04% · 88.4th percentile

Risk Scores

CVSS v4.0

6.900000095367432

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS Score

4.04%

88.4th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a, n/a
github.com	gomarkdown/markdown	0, 0

Timeline

Oct 15, 2024 CVE Published
Oct 15, 2024 PoC Published
Oct 16, 2024 EPSS Score
Oct 17, 2024 Coalition ESS Score
Nov 3, 2024 EPSS Score
Nov 14, 2024 Coalition ESS Score
Dec 10, 2024 EPSS Score
Dec 28, 2024 EPSS Score
Jan 15, 2025 EPSS Score
Feb 20, 2025 EPSS Score
Mar 11, 2025 EPSS Score
Mar 17, 2025 EPSS Score

References

Open in Interactive Console →