CVE-2020-5238: Denial of service in table parsing in cmark-gfm

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-5238

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Denial of service in table parsing in cmark-gfm

Source: NVD (National Vulnerability Database)

Vulnerability Description

The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

输入验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

GitHub Flavored Markdown 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

GitHub Flavored Markdown是美国GitHub公司的一款使用在C语言中的CommonMark解析和渲染库。 GitHub Flavored Markdown 0.29.0.gfm.1之前版本中存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
github	cmark-gfm	< 0.29.0.gfm.1	-

II. Public POCs for CVE-2020-5238

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-5238

Please Login to view more intelligence information

https://github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4x_refsource_MISC
https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGJH2A4VAV54X6NSCNNGSEIGIIY5N2VR/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMQFOQQCWOAMQ4I2XIVCVOXXIJ75HDCW/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCDHBTUFIOYRIS5HAS6PZNBNMB7IOAX3/vendor-advisoryx_refsource_FEDORA
https://nvd.nist.gov/vuln/detail/CVE-2020-5238

IV. Related Vulnerabilities

Same product: cmark-gfm

Same vendor: github

Same weakness: CWE-20

V. Comments for CVE-2020-5238

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2020-5238

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-5238

III. Intelligence Information for CVE-2020-5238

IV. Related Vulnerabilities

V. Comments for CVE-2020-5238

Leave a comment