Impact
A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service.
Proof of concept
python3 -c 'print("![[]()" * 10000)' | cmark-gfmIncreasing the number 10000 in the above command causes the running time to increase quadratically.
Patches
This vulnerability has been patched in 0.29.0.gfm.7.
Note on cmark and cmark-gfm
cmark-gfm is a fork of cmark that adds the GitHub Flavored Markdown extensions. The two codebases have diverged over time, but share a common core. This bug affects both codebases. We would like to thank @jgm for his help with fixing and disclosing this bug.
Credit
We would like to thank @jgm for implementing the fix for this bug.
References
https://en.wikipedia.org/wiki/Time_complexity
For more information
If you have any questions or comments about this advisory:
kevinbackhouse Analyst
Impact
A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service.
Proof of concept
Increasing the number 10000 in the above command causes the running time to increase quadratically.
Patches
This vulnerability has been patched in
0.29.0.gfm.7.Note on cmark and cmark-gfm
cmark-gfm is a fork of cmark that adds the GitHub Flavored Markdown extensions. The two codebases have diverged over time, but share a common core. This bug affects both codebases. We would like to thank @jgm for his help with fixing and disclosing this bug.
Credit
We would like to thank @jgm for implementing the fix for this bug.
References
https://en.wikipedia.org/wiki/Time_complexity
For more information
If you have any questions or comments about this advisory: