
Commit

add fix versions for CVE-2023-42821
Signed-off-by: Weston Steimel <[email protected]>
westonsteimel committed Dec 6, 2024
1 parent 45b2e62 commit 84ee720
Showing 1 changed file with 40 additions and 0 deletions.
40 changes: 40 additions & 0 deletions data/anchore/2023/CVE-2023-42821.json
@@ -0,0 +1,40 @@
{
"additionalMetadata": {
"cna": "github_m",
"cveId": "CVE-2023-42821",
"description": "The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability. To exploit the vulnerability, parser needs to have `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on the line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue.",
"reason": "Add fix versions",
"references": [
"https://github.com/gomarkdown/markdown/blob/7478c230c7cd3e7328803d89abe591d0b61c41e4/parser/citation.go#L69",
"https://github.com/gomarkdown/markdown/commit/14b16010c2ee7ff33a940a541d993bd043a88940",
"https://github.com/gomarkdown/markdown/security/advisories/GHSA-m9xq-6h2j-65r2"
]
},
"adp": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"cpes": [
"cpe:2.3:a:gomarkdown:markdown:*:*:*:*:*:go:*:*"
],
"packageName": "github.com/gomarkdown/markdown",
"packageType": "go-module",
"product": "markdown",
"repo": "https://github.com/gomarkdown/markdown",
"vendor": "gomarkdown",
"versions": [
{
"lessThan": "0.0.0-20230922105210-14b16010c2ee",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
}
}
}
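
Review bot: In the `versions` entry, `"lessThan": "0.0.0-20230922105210-14b16010c2ee"` is paired with `"versionType": "semver"`, and under semver ordering that pseudo-version is a pre-release of 0.0.0, so any tagged release of the module would compare as greater than the bound and be reported as unaffected regardless of whether it contains commit `14b16010c2ee7ff33a940a541d993bd043a88940`. If `github.com/gomarkdown/markdown` has only ever been consumed through pseudo-versions, the range is fine as written, but that assumption is not recorded anywhere in the file; consider stating it in `reason` or the commit message so the bound gets revisited if tags ever appear.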
