Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-7319-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.12.2025.7319.1

Categoría: Ubuntu Local Security Checks

Título: Ubuntu: Security Advisory (USN-7319-1)

Resumen: The remote host is missing an update for the 'cmark-gfm' package(s) announced via the USN-7319-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'cmark-gfm' package(s) announced via the USN-7319-1 advisory.

Vulnerability Insight:
It was discovered that cmark-gfm's autolink extension did not correctly
handle parsing large inputs. An attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS. (CVE-2022-39209)

It was discovered that cmark-gfm did not correctly handle parsing large
inputs. An attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and
Ubuntu 24.10. (CVE-2023-22483)

It was discovered that cmark-gfm did not correctly handle parsing large
inputs. An attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10.
(CVE-2023-22484)

It was discovered that cmark-gfm did not correctly handle parsing large
inputs. An attacker could possibly use this issue to cause a denial of
service. (CVE-2023-22486, CVE-2023-26485)

Affected Software/OS:
'cmark-gfm' package(s) on Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04, Ubuntu 24.10.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-39209
https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMGP65NANDVKPDMXMKYO2ZV2H2HZJY4P/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEAAAI4OULDYQ2TA3HOXH54PC3DCBFZS/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUCZN3PEKUCT2JQYQTYOVIJG2KSD6G7/
https://en.wikipedia.org/wiki/Time_complexity
https://github.com/github/cmark-gfm/commit/9d57d8a23142b316282bdfc954cb0ecda40a8655
Common Vulnerability Exposure (CVE) ID: CVE-2023-22483
https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c
Common Vulnerability Exposure (CVE) ID: CVE-2023-22484
https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r
Common Vulnerability Exposure (CVE) ID: CVE-2023-22486
https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p
Common Vulnerability Exposure (CVE) ID: CVE-2023-26485
https://github.com/github/cmark-gfm/commit/07a66c9bc341f902878e37d7da8647d6ef150987
https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5

Copyright Copyright (C) 2025 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.12.2025.7319.1
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu: Security Advisory (USN-7319-1)
Resumen:	The remote host is missing an update for the 'cmark-gfm' package(s) announced via the USN-7319-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'cmark-gfm' package(s) announced via the USN-7319-1 advisory. Vulnerability Insight: It was discovered that cmark-gfm's autolink extension did not correctly handle parsing large inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-39209) It was discovered that cmark-gfm did not correctly handle parsing large inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2023-22483) It was discovered that cmark-gfm did not correctly handle parsing large inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2023-22484) It was discovered that cmark-gfm did not correctly handle parsing large inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-22486, CVE-2023-26485) Affected Software/OS: 'cmark-gfm' package(s) on Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04, Ubuntu 24.10. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-39209 https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMGP65NANDVKPDMXMKYO2ZV2H2HZJY4P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEAAAI4OULDYQ2TA3HOXH54PC3DCBFZS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUCZN3PEKUCT2JQYQTYOVIJG2KSD6G7/ https://en.wikipedia.org/wiki/Time_complexity https://github.com/github/cmark-gfm/commit/9d57d8a23142b316282bdfc954cb0ecda40a8655 Common Vulnerability Exposure (CVE) ID: CVE-2023-22483 https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c Common Vulnerability Exposure (CVE) ID: CVE-2023-22484 https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r Common Vulnerability Exposure (CVE) ID: CVE-2023-22486 https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p Common Vulnerability Exposure (CVE) ID: CVE-2023-26485 https://github.com/github/cmark-gfm/commit/07a66c9bc341f902878e37d7da8647d6ef150987 https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5
Copyright	Copyright (C) 2025 Greenbone AG