2271609 – (CVE-2024-28243) CVE-2024-28243 katex: malicious input using `\edef` that causes a near-infinite loop

Bug 2271609 (CVE-2024-28243) - CVE-2024-28243 katex: malicious input using `\edef` that causes a near-infinite loop

Summary: CVE-2024-28243 katex: malicious input using `\edef` that causes a near-infini...

Keywords:
Status:	NEW
Alias:	CVE-2024-28243
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2271610 2271611
Blocks:
TreeView+	depends on / blocked

Reported:	2024-03-26 14:06 UTC by Rohit Keshri
Modified:	2024-03-26 14:07 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Rohit Keshri 2024-03-26 14:06:42 UTC

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.

https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34
https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w

Comment 1 Rohit Keshri 2024-03-26 14:07:05 UTC

Created h3 tracking bugs for this issue:

Affects: fedora-all [bug 2271610]


Created marker tracking bugs for this issue:

Affects: fedora-all [bug 2271611]

Note You need to log in before you can comment on or make changes to this bug.