CVE-2023-37463

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 13, 2023

Updated: Jul 25, 2023

CWE ID 400

Summary

CVE-2023-37463 affects the cmark-gfm implementation of CommonMark, an extended version of Markdown syntax. Three polynomial time complexity issues have been identified in this software, which can lead to unbounded resource exhaustion and potential denial of service attacks. The vulnerabilities have been addressed in the 0.29.0.gfm.12 patch.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Github Cmark-gfm

Affected Vendors

GitHub

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r5bFf1
https://www.cve.org/CVERecord?id=CVE-2023-37463
https://nvd.nist.gov/vuln/detail/CVE-2023-37463

Back to Vulnerability Database