2175697 – (CVE-2023-26302) CVE-2023-26302 markdown-it-py: Denial of service in the command line interface due to invalid UTF-8 characters as input.

Bug 2175697 (CVE-2023-26302) - CVE-2023-26302 markdown-it-py: Denial of service in the command line interface due to invalid UTF-8 characters as input.

Summary: CVE-2023-26302 markdown-it-py: Denial of service in the command line interfac...

Keywords:
Status:	NEW
Alias:	CVE-2023-26302
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2175702 2175701 2177154
Blocks:	Embargoed2172788
TreeView+	depends on / blocked

Reported:	2023-03-06 11:09 UTC by Vipul Nair
Modified:	2023-05-02 17:08 UTC (History)
CC List:	20 users (show)
Fixed In Version:	markdown-it-py 2.2.0
Doc Type:	If docs needed, set a value
Doc Text:	A denial of service vulnerability exists in markdown-it-py.An attacker could craft a payload with invalid UTF-8 characters as input to cause a crash thereby affecting the availability
Clone Of:
Environment:
Last Closed:

Attachments	(Terms of Use)

Description Vipul Nair 2023-03-06 11:09:53 UTC

Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input.

https://github.com/executablebooks/markdown-it-py/commit/53ca3e9c2b9e9b295f6abf7f4ad2730a9b70f68c

Comment 1 Vipul Nair 2023-03-06 11:17:53 UTC

Created ansible-lint tracking bugs for this issue:

Affects: fedora-all [bug 2175701]


Created python-ansible-compat tracking bugs for this issue:

Affects: fedora-all [bug 2175702]

Comment 2 Maxwell G 2023-03-06 17:39:38 UTC

Why were bugs opened against ansible-lint and python-ansible-compat when this is a problem with python-markdown-it-py? No bugs were opened against python-markdown-it-py.

Comment 3 Vipul Nair 2023-03-10 08:18:35 UTC

you are right,fixed it.Thanks

Comment 4 Vipul Nair 2023-03-10 08:20:00 UTC

Created python-markdown-it-py tracking bugs for this issue:

Affects: fedora-all [bug 2177154]

Note You need to log in before you can comment on or make changes to this bug.

adudiak
bcoca
cwelton
davidn
epacific
jcammara
jhardy
jneedle
jobarker
kshier
mabashia
maxwell
osapryki
simaishi
smcdonal
stcannon
teagle
tfister
yguenane
zsadeh