github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations
Description
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion 0.0.0-20230922105210-14b16010c2ee, which corresponds with commit 14b16010c2ee7ff33a940a541d993bd043a88940, parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability. To exploit the vulnerability, parser needs to have parser.Mmark extension set. The panic occurs inside the citation.go file on the line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit 14b16010c2ee7ff33a940a541d993bd043a88940/pseudoversion 0.0.0-20230922105210-14b16010c2ee contains a patch for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/gomarkdown/markdownGo | < 0.0.0-20230922105210-14b16010c2ee | 0.0.0-20230922105210-14b16010c2ee |
Affected products
1- Range: < 0.0.0-20230922105210-14b16010c2ee
Patches
12 files changed · +11 −1
parser/block.go+6 −1 modified@@ -191,6 +191,11 @@ func (p *Parser) Block(data []byte) { // <div> // ... // </div> + + if len(data) == 0 { + continue + } + if data[0] == '<' { if i := p.html(data, true); i > 0 { data = data[i:] @@ -393,7 +398,7 @@ func (p *Parser) AddBlock(n ast.Node) ast.Node { } func (p *Parser) isPrefixHeading(data []byte) bool { - if data[0] != '#' { + if len(data) > 0 && data[0] != '#' { return false }
parser/citation.go+5 −0 modified@@ -65,6 +65,11 @@ func citation(p *Parser, data []byte, offset int) (int, ast.Node) { } citeType := ast.CitationTypeInformative + + if len(citation) < 2 { + continue + } + j = 1 switch citation[j] { case '!':
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-m9xq-6h2j-65r2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-42821ghsaADVISORY
- github.com/gomarkdown/markdown/blob/7478c230c7cd3e7328803d89abe591d0b61c41e4/parser/citation.goghsax_refsource_MISCWEB
- github.com/gomarkdown/markdown/commit/14b16010c2ee7ff33a940a541d993bd043a88940ghsax_refsource_MISCWEB
- github.com/gomarkdown/markdown/security/advisories/GHSA-m9xq-6h2j-65r2ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.