Impact
The table extension in GitHub Flavored Markdown takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project.
Patches
The issue has been fixed in 0.29.0.gfm.1.
Workarounds
There are no known workarounds.
References
Detected by Jonas Wagner at Google by #autofuzz: https://google.github.io/oss-fuzz/