Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-44337 PoC — Markdown 安全漏洞

Source
https://github.com/Brinmon/CVE-2024-44337
Associated Vulnerability
Title:Markdown 安全漏洞 (CVE-2024-44337)
Description:Markdown是gomarkdown开源的一个用于解析 Markdown 文本并渲染为 HTML 的 Go 库。 Markdown存在安全漏洞,该漏洞源于parser/block.go文件的paragraph函数中存在逻辑问题。
Description
CVE-2024-44337 POC  The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely.
Readme
# CVE-2024-44337
CVE-2024-44337 POC  The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely.

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.

# About
Link:
- ["Program Hanged (Timeout 10 Seconds)" Found Using go-fuzz in gomarkdown/markdown · Issue #311 · gomarkdown/markdown (github.com)](https://github.com/gomarkdown/markdown/issues/311)
- [fix infinite loop with empty list definition (fixes #311) · gomarkdown/markdown@a2a9c4f (github.com)](https://github.com/gomarkdown/markdown/commit/a2a9c4f76ef5a5c32108e36f7c47f8d310322252)

# README.
- zh_CN [简体中文](readme/README.zh_CN.md)
File Snapshot

 [4.0K]  /data/pocs/48be3d731b39fd2a96f27950f3f0bd8547167fb8
├── [4.0K]  crashers
│   ├── [  26]  6352b36848220fd923515ee94b6a90237024e28b
│   ├── [4.8K]  6352b36848220fd923515ee94b6a90237024e28b.output
│   └── [  48]  6352b36848220fd923515ee94b6a90237024e28b.quoted
├── [4.0K]  exp
│   └── [ 381]  fuzz.go
├── [4.0K]  readme
│   └── [ 634]  README.zh_CN.md
└── [1.4K]  README.md

3 directories, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.