Inefficient Algorithmic Complexity

CVE-2023-22484

High

7.5/10

Summary

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. This package contains a Polynomial Time Complexity issue in cmark-gfm that may lead to Unbounded Resource Exhaustion and subsequent Denial of Service. This vulnerability affects cmark-gfm versions prior to 0.29.0.gfm.7 and cmark versions prior to 0.30.3.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-407 - Inefficient Algorithmic Complexity

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

References

Advisory
cmark-gfm
cmark
Issue
Pull request

Advisory Timeline

Published Jan 23, 2023

Inefficient Algorithmic Complexity

CVE-2023-22484

Summary

CWE-407 - Inefficient Algorithmic Complexity

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS