Bugzilla – Bug 1213317
VUL-0: CVE-2023-37463: cmark,python-cmarkgfm,ghc-cmark-gfm: polynomial time complexity issues
Last modified: 2024-02-22 14:56:05 UTC
CVE-2023-37463: cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37463
https://www.cve.org/CVERecord?id=CVE-2023-37463
https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.12
https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5
Affected:
openSUSE:Backports:SLE-15-SP4/ghc-cmark-gfm
openSUSE:Backports:SLE-15-SP5/ghc-cmark-gfm
openSUSE:Backports:SLE-15-SP4/python-cmarkgfm
openSUSE:Backports:SLE-15-SP5/python-cmarkgfm
openSUSE:Factory/python-cmarkgfm
SUSE:ALP:Source:Standard:0.1/python-cmarkgfm

Not affected:
SUSE:SLE-15-SP4:Update/cmark
openSUSE:Factory/cmark

There are 3 relevant fixes [0] [1] [2] in the update [3].

[0] https://github.com/github/cmark-gfm/commit/1d17fa9d5af3215b9c969c66aa2fe22a1030b8a1
[1] https://github.com/github/cmark-gfm/commit/5e8ad61d0a79eb7f7b8ae0863e2ee19387f734f0
[2] https://github.com/github/cmark-gfm/commit/2c5212e0508bbf19e9c7ec9de366b792cbdd6556
[3] https://github.com/github/cmark-gfm/compare/0.29.0.gfm.11...0.29.0.gfm.12
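Added mitigation example (not code from this bug, from SUSE, or from cmark-gfm): until the patched 0.29.0.gfm.12 packages are deployed, a service that renders untrusted Markdown can bound the damage of a pathological input by rendering in a child process with an input-size cap, a CPU rlimit and a wall-clock timeout. The two renderer functions below are stand-ins constructed for the demonstration; a real deployment would pass the actual renderer (for python-cmarkgfm, cmarkgfm.github_flavored_markdown_to_html) in their place. The limits are assumed values to tune per service, and the code assumes a POSIX host (fork and the resource module).

```python
"""Render untrusted Markdown with bounded resources (hypothetical example)."""
import multiprocessing as mp
import resource
import time
from typing import Callable, Optional

MAX_INPUT_BYTES = 64 * 1024   # assumed cap on document size
CPU_SECONDS = 2               # assumed hard CPU ceiling inside the child
WALL_SECONDS = 3.0            # assumed wall-clock budget seen by the parent


def _render_child(render: Callable[[str], str], text: str, conn, cpu_seconds: int) -> None:
    # Kernel-enforced CPU ceiling: once exceeded the child is terminated by
    # SIGXCPU, so a superlinear parser cannot spin on even if the parent is gone.
    resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 1))
    try:
        conn.send(("ok", render(text)))
    except Exception as exc:  # report any renderer failure to the parent
        conn.send(("error", repr(exc)))
    finally:
        conn.close()


def render_bounded(
    render: Callable[[str], str],
    text: str,
    *,
    wall_seconds: float = WALL_SECONDS,
    cpu_seconds: int = CPU_SECONDS,
    max_bytes: int = MAX_INPUT_BYTES,
) -> Optional[str]:
    """Return rendered HTML, or None if the input is oversized or rendering is too slow/fails."""
    if len(text.encode("utf-8")) > max_bytes:
        return None                      # reject before spending any parser time
    ctx = mp.get_context("fork")         # fork: the render callable need not be picklable
    parent_conn, child_conn = ctx.Pipe(duplex=False)
    proc = ctx.Process(target=_render_child, args=(render, text, child_conn, cpu_seconds))
    proc.start()
    child_conn.close()                   # parent keeps only the read end
    result = None
    try:
        if parent_conn.poll(wall_seconds):
            status, payload = parent_conn.recv()
            if status == "ok":
                result = payload
    except EOFError:
        pass                             # child died (e.g. SIGXCPU) before answering
    finally:
        if proc.is_alive():
            proc.kill()                  # wall-clock budget exhausted: SIGKILL
        proc.join()
        parent_conn.close()
    return result


def fast_render(text: str) -> str:
    # Constructed stand-in for a well-behaved renderer.
    return "<p>" + text + "</p>"


def sleeping_render(text: str) -> str:
    # Constructed stand-in for a renderer that blocks (hits the wall-clock timeout).
    time.sleep(30)
    return text


def spinning_render(text: str) -> str:
    # Constructed stand-in for a superlinear parser (hits the CPU rlimit).
    while True:
        pass


if __name__ == "__main__":
    print(render_bounded(fast_render, "# hello"))
    print(render_bounded(spinning_render, "x", cpu_seconds=1, wall_seconds=10))
```

The CPU rlimit and the wall-clock timeout cover different failure modes: the rlimit stops a parser that burns CPU, the timeout stops one that is merely blocked; killing the child rather than the worker process is what keeps one bad document from taking the whole service down.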
This is an autogenerated message for OBS integration: This bug (1213317) was mentioned in https://build.opensuse.org/request/show/1103806 Factory / python-cmarkgfm
All submitted (thanks Daniel!), also submitted for SLE15.
Done, closing.