What is CVE-2023-42821?

CVE-2023-42821 is a high-severity vulnerability in Gomarkdown Markdown, classified under Out-of-bounds Read. CVSS score: 7.5/10. Published 2023-09-22.

How severe is CVE-2023-42821?

High severity. CVSS v3 base score is 7.5 out of 10.

Out-of-bounds Read in Gomarkdown Markdown

CVE-2023-42821

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a889…

Vulnerability class: Buffer Overflow

EPSS: 0.005 (65.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Gomarkdown Markdown — versions < 0.0.0-20230922105210-14b16010c2ee

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

https://github.com/gomarkdown/markdown/security/advisories/GHSA-m9xq-6h2j-65r2 (x_refsource_CONFIRM)
https://github.com/gomarkdown/markdown/commit/14b16010c2ee7ff33a940a541d993bd043a88940 (x_refsource_MISC)
https://github.com/gomarkdown/markdown/blob/7478c230c7cd3e7328803d89abe591d0b61c41e4/parser/citation.go#L69 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-42821?: CVE-2023-42821 is a high-severity vulnerability in Gomarkdown Markdown, classified under Out-of-bounds Read. CVSS score: 7.5/10. Published 2023-09-22.
How severe is CVE-2023-42821?: High severity. CVSS v3 base score is 7.5 out of 10.