CVE-2024-44337 Common Vulnerabilities and Exposures

Upstream information

CVE-2024-44337 at MITRE

Description

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v3 Scores
CVSS detail	CNA (CISA-ADP)
Base Score	5.1
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Attack Vector	Local
Attack Complexity	Low
Privileges Required	None
User Interaction	None
Scope	Unchanged
Confidentiality Impact	None
Integrity Impact	Low
Availability Impact	Low
CVSSv3 Version	3.1

SUSE Bugzilla entry: 1231713 [NEW]

SUSE Security Advisories:

openSUSE-SU-2024:14599-1, published Thu Dec 19 18:51:14 2024
openSUSE-SU-2025:14753-1, published Mon Feb 10 18:50:11 2025

List of released packages

Product(s)	Fixed package version(s)	References
Container suse/sl-micro/6.0/baremetal-os-container:latest Container suse/sl-micro/6.0/toolbox:latest Image SL-Micro Image SL-Micro-Base Image SL-Micro-Base-RT Image SL-Micro-Base-RT-SelfInstall Image SL-Micro-Base-RT-encrypted Image SL-Micro-Base-SelfInstall Image SL-Micro-Base-encrypted Image SL-Micro-Base-qcow Image SL-Micro-Default Image SL-Micro-Default-SelfInstall Image SL-Micro-Default-encrypted Image SL-Micro-Default-qcow	`less >= 633-3.1`
Image SLE-Micro-BYOS-EC2 Image SLE-Micro-EC2	`cloud-netconfig-ec2 >= 1.15-slfo.1.1_1.1` `less >= 633-3.1`
Image SLE-Micro-BYOS-GCE Image SLE-Micro-GCE	`cloud-netconfig-gce >= 1.15-slfo.1.1_1.1` `less >= 633-3.1`
Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure	`cloud-netconfig-azure >= 1.15-slfo.1.1_1.1` `less >= 633-3.1`
SUSE Linux Enterprise Server 16.0	`govulncheck-vulndb >= 0.0.20250814T182633-160000.1.2`	Patchnames: SUSE Linux Enterprise Server 16.0 GA govulncheck-vulndb-0.0.20250814T182633-160000.1.2
openSUSE Tumbleweed	`fq >= 0.14.0-1.1` `govulncheck-vulndb >= 0.0.20241213T205935-1.1`	Patchnames: openSUSE-Tumbleweed-2024-14599 openSUSE-Tumbleweed-2025-14753

SUSE Timeline for this CVE

CVE page created: Wed Oct 16 00:00:15 2024
CVE page last modified: Sat Nov 8 21:40:32 2025