The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. In versions prior to 0.0.0-20230922105210-14b16010c2ee, parsing malformed markdown input with parser that uses parser. `Mmark` extension could result in Out-of-bounds Read vulnerability. To exploit the vulnerability, the parser needs to have `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on line 69 when the parser tries to access the element past its length. This can result in a Denial-of-Service (DoS) attack.
CWE-125 - Out-of-Bounds Read
Out-of-bounds read is a vulnerability that allows access to memory beyond the authorized accessible location. Such a vulnerability compromises the confidentiality of the trusted environment in the application and enables an attacker to launch further attacks by leveraging the exposed information.