danielpyon opened this issue 1 year ago (status: Open)
did you request a CVE ID for this @danielpyon
@attritionorg Yes, I filed for an EOL CVE last week. Unfortunately, there has been no response so far.
For third-party tracking purposes, can you please share that ID? Thanks!
@attritionorg I don't think I've been assigned an ID yet, but I will share it once I get one.
@attritionorg
CVE-2023-41458 (use after free)
CVE-2023-41459 (stack overflow)
CVE-2023-41460 (heap buffer overflow)
CVE-2023-41461 (null pointer dereference)
Excellent, thank you @danielpyon!
Problem Description
Note: I am aware that this project is unmaintained. However, I am still opening this issue to follow CVE's guidelines for EOL software.
There is a heap use after free in the free_element_list function when the parser handles a specially crafted Markdown file. Here is a minimized proof-of-concept Markdown file that triggers the bug: min_heap_uaf.md. The output is as follows:
Reproduction Steps
CC=afl-clang-fast AFL_USE_ASAN=1 make
../markdown -x min_heap_uaf.md
(use the proof-of-concept file attached to this report).
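An added triage helper, not part of this issue or of the project's code: it maps an AddressSanitizer report from the AFL_USE_ASAN=1 build in the reproduction steps onto the four bug classes named in the CVE assignments above (use after free, stack overflow, heap buffer overflow, null pointer dereference). The sample reports, file names, function names other than free_element_list, and line numbers are constructed for illustration.

```python
import re

# Constructed ASan excerpts (not taken from the report; they only mimic the
# line shapes an AFL_USE_ASAN=1 build prints). File/line values are made up.
SAMPLE_REPORTS = {
    "uaf": (
        "==4242==ERROR: AddressSanitizer: heap-use-after-free on address "
        "0x602000000010 at pc 0x4f1a2b bp 0x7ffd0 sp 0x7ffd0\n"
        "READ of size 8 at 0x602000000010 thread T0\n"
        "    #0 0x4f1a2a in free_element_list markdown_lib.c:123\n"
        "    #1 0x4f2bbb in markdown_to_string markdown_lib.c:200\n"
        "SUMMARY: AddressSanitizer: heap-use-after-free in free_element_list\n"
    ),
    "null": (
        "==4243==ERROR: AddressSanitizer: SEGV on unknown address "
        "0x000000000000 (pc 0x4f0000 bp 0x7ffd0 sp 0x7ffd0 T0)\n"
        "==4243==The signal is caused by a READ memory access.\n"
        "==4243==Hint: address points to the zero page.\n"
        "    #0 0x4effff in print_element markdown_output.c:77\n"
    ),
}

ERROR_RE = re.compile(
    r"ERROR: AddressSanitizer: (?P<kind>[\w-]+)"
    r"(?: on (?:unknown )?address (?P<addr>0x[0-9a-f]+))?")
FRAME0_RE = re.compile(r"^\s*#0 0x[0-9a-f]+ in (?P<func>\w+) (?P<loc>\S+)", re.M)

def classify_asan_report(text):
    """Map an ASan report to the bug classes used in the CVE list.

    Returns None when the text is not an ASan error report at all.
    """
    m = ERROR_RE.search(text)
    if m is None:
        return None
    kind, addr = m.group("kind"), m.group("addr")
    if kind == "SEGV":
        # A fault at (or just above) address zero is a null-pointer dereference;
        # any other SEGV is a wild access and is reported as such.
        near_zero = addr is not None and int(addr, 16) < 0x1000
        bug_class = "null pointer dereference" if near_zero else "wild memory access"
    else:
        bug_class = {
            "heap-use-after-free": "use after free",
            "heap-buffer-overflow": "heap buffer overflow",
            "stack-buffer-overflow": "stack buffer overflow",
            "stack-overflow": "stack overflow",
        }.get(kind, kind)
    frame = FRAME0_RE.search(text)  # innermost frame names the faulting function
    return {
        "bug_class": bug_class,
        "function": frame.group("func") if frame else None,
        "location": frame.group("loc") if frame else None,
        # Null dereferences are plain crashes; the other classes touch freed or
        # out-of-bounds memory and should be triaged first.
        "memory_corruption": bug_class != "null pointer dereference",
    }
```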