Bug 2240266 (CVE-2023-42821) - CVE-2023-42821 gomarkdown-markdown: Out-of-bounds Read while parsing citations
Summary: CVE-2023-42821 gomarkdown-markdown: Out-of-bounds Read while parsing citations
Keywords:
Status: NEW
Alias: CVE-2023-42821
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2240267
Blocks:
Reported: 2023-09-22 19:18 UTC by Pedro Sampaio
Modified: 2023-09-22 19:18 UTC (History)

Fixed In Version: gomarkdown-markdown commit 14b1601
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Pedro Sampaio 2023-09-22 19:18:32 UTC
The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering it as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds to commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with a parser that uses the parser.Mmark extension could result in an out-of-bounds read vulnerability. To exploit the vulnerability, the parser needs to have the `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on line 69 when the parser tries to access an element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue.

https://github.com/gomarkdown/markdown/security/advisories/GHSA-m9xq-6h2j-65r2
https://github.com/gomarkdown/markdown/blob/7478c230c7cd3e7328803d89abe591d0b61c41e4/parser/citation.go#L69
https://github.com/gomarkdown/markdown/commit/14b16010c2ee7ff33a940a541d993bd043a88940
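Two defender-side helpers for this advisory, added here as an example and not part of the report or of the gomarkdown project: IsAffected compares a go.mod pseudo-version of the module against the fixing pseudo-version named above, and RenderUntrusted shows how to keep a panic from the parser (the denial-of-service outcome described) from taking down the whole process while the upgrade is rolled out. The Parser type and the crashing stand-in parser are assumptions so the file runs without the real dependency.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Timestamp inside the fixing pseudo-version v0.0.0-20230922105210-14b16010c2ee.
const fixedTimestamp = "20230922105210"

// Matches the trailing yyyymmddhhmmss-commit part of any Go pseudo-version form.
var pseudoVersionRe = regexp.MustCompile(`^v\d+\.\d+\.\d+.*?(\d{14})-[0-9a-f]{12}$`)

// IsAffected reports whether a go.mod version of github.com/gomarkdown/markdown
// predates the fix. Pseudo-version timestamps are fixed-width UTC digits, so a
// plain string compare orders them chronologically. Tagged (non-pseudo)
// versions are rejected with an error rather than guessed at.
func IsAffected(version string) (bool, error) {
	m := pseudoVersionRe.FindStringSubmatch(strings.TrimSpace(version))
	if m == nil {
		return false, fmt.Errorf("not a pseudo-version: %q", version)
	}
	return m[1] < fixedTimestamp, nil
}

// Parser stands in for the real pipeline (parser.NewWithExtensions(parser.Mmark)
// followed by markdown.Render); it is a parameter so this file has no dependency.
type Parser func(input []byte) []byte

// RenderUntrusted runs the parser on attacker-controlled input and turns a panic
// (such as the out-of-bounds read in citation.go) into an error, so one malformed
// document degrades to a failed request instead of crashing the process.
func RenderUntrusted(parse Parser, input []byte) (out []byte, err error) {
	defer func() {
		if r := recover(); r != nil {
			out, err = nil, fmt.Errorf("markdown parser panicked: %v", r)
		}
	}()
	return parse(input), nil
}

func main() {
	// Constructed stand-in that mimics the bug class: reads one byte past the end.
	crashy := func(in []byte) []byte { return []byte{in[len(in)]} }
	_, err := RenderUntrusted(crashy, []byte("[@cite"))
	fmt.Println("render error:", err)
	affected, _ := IsAffected("v0.0.0-20230101000000-0123456789ab") // constructed
	fmt.Println("affected:", affected)
}
```

recover only catches panics on the goroutine that runs the parser, so the wrapper must sit in the same goroutine as the Parse call.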

Comment 1 Pedro Sampaio 2023-09-22 19:18:46 UTC
Created golang-github-gomarkdown-markdown tracking bugs for this issue:

Affects: fedora-all [bug 2240267]
