CVE-2024-44337
Description
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit a2a9c4f76ef5a5c32108e36f7c47f8d310322252 contains fixes to this problem.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/gomarkdown/markdownGo | < 0.0.0-20240729212818-a2a9c4f76ef5 | 0.0.0-20240729212818-a2a9c4f76ef5 |
Affected products
8- osv-coords7 versionspkg:apk/chainguard/fqpkg:apk/chainguard/kube-metrics-adapterpkg:apk/wolfi/fqpkg:apk/wolfi/kube-metrics-adapterpkg:golang/github.com/gomarkdown/markdownpkg:rpm/opensuse/fq&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
< 0.13.0-r0+ 6 more
- (no CPE)range: < 0.13.0-r0
- (no CPE)range: < 0.2.3-r2
- (no CPE)range: < 0.13.0-r0
- (no CPE)range: < 0.2.3-r2
- (no CPE)range: < 0.0.0-20240729212818-a2a9c4f76ef5
- (no CPE)range: < 0.14.0-1.1
- (no CPE)range: < 0.0.20241213T205935-1.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.