Skip to main content

Out-of-bounds Read


Severity High
Score 7.5/10


The package `` is a Go library for parsing Markdown text and rendering as HTML. In versions prior to 0.0.0-20230922105210-14b16010c2ee, parsing malformed markdown input with parser that uses parser. `Mmark` extension could result in Out-of-bounds Read vulnerability. To exploit the vulnerability, the parser needs to have `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on line 69 when the parser tries to access the element past its length. This can result in a Denial-of-Service (DoS) attack.

  • LOW
  • NONE
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-125 - Out-of-Bounds Read

Out-of-bounds read is a vulnerability that allows access to memory beyond the authorized accessible location. Such a vulnerability compromises the confidentiality of the trusted environment in the application and enables an attacker to launch further attacks by leveraging the exposed information.

Advisory Timeline

  • Published