漏洞标题
Quadratic complexity 可能导致 Cmark-gfm 中拒绝服务。
漏洞描述信息
二次复杂度可能导致cmark-gfm拒绝服务
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
Quadratic complexity may lead to a denial of service in cmark-gfm
漏洞描述信息
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
漏洞类别
未加控制的资源消耗(资源穷尽)
漏洞标题
cmark-gfm 资源管理错误漏洞
漏洞描述信息
cmark-gfm是CommonMark的 C 参考实现的扩展版本,是带有规范的 Markdown 语法的合理化版本。 cmark-gfm存在资源管理错误漏洞。攻击者利用该漏洞导致无限制的资源耗尽和随后的拒绝服务。
CVSS信息
N/A
漏洞类别
资源管理错误