Upstream information

CVE-2021-26813 at MITRE

Description

markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

CVSS v3 Scores
	National Vulnerability Database
Base Score	7.5
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	None
Scope	Unchanged
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	High
CVSSv3 Version	3.1

SUSE Bugzilla entry: 1183171 [IN_PROGRESS]

SUSE Security Advisories:

openSUSE-SU-2021:0429-1, published Tue Mar 16 21:38:43 2021
openSUSE-SU-2021:0451-1, published Sat Mar 20 03:38:01 2021

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 15 SP2	`python2-markdown2 >= 2.4.0-bp152.2.4.1` `python3-markdown2 >= 2.4.0-bp152.2.4.1`	Patchnames: openSUSE-2021-451
openSUSE Leap 15.2	`python2-markdown2 >= 2.4.0-lp152.2.3.1` `python3-markdown2 >= 2.4.0-lp152.2.3.1`	Patchnames: openSUSE-2021-429
openSUSE Tumbleweed	`python310-markdown2 >= 2.4.13-1.2` `python311-markdown2 >= 2.4.13-1.2` `python312-markdown2 >= 2.4.13-1.2` `python36-markdown2 >= 2.4.0-2.4` `python38-markdown2 >= 2.4.0-2.4` `python39-markdown2 >= 2.4.0-2.4`	Patchnames: openSUSE-Tumbleweed-2024-11237 openSUSE-Tumbleweed-2024-14146

SUSE Timeline for this CVE

CVE page created: Wed Mar 3 18:28:45 2021
CVE page last modified: Tue Sep 3 19:20:00 2024