Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2023-42821 : github.com/gomarkdown/markdown parsing malformed markdown #1335

Closed
zafs23 opened this issue Sep 23, 2023 · 2 comments · Fixed by #1336
Closed

CVE-2023-42821 : github.com/gomarkdown/markdown parsing malformed markdown #1335

zafs23 opened this issue Sep 23, 2023 · 2 comments · Fixed by #1336
Assignees
@yangjunmyfm192085
Labels
kind/bug Categorizes issue or PR as related to a bug. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@zafs23
Copy link

zafs23 commented Sep 23, 2023
edited
Loading

What happened: Parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability.
NIST rating medium

What you expected to happen:

Anything else we need to know?:
To exploit the vulnerability, parser needs to have parser.Mmark extension set. The panic occurs inside the citation.go file on the line 69 when the parser tries to access the element past its length.

https://github.com/gomarkdown/markdown/blob/7478c230c7cd3e7328803d89abe591d0b61c41e4/parser/citation.go#L69

Environment:

  • Kubernetes distribution (GKE, EKS, Kubeadm, the hard way, etc.):

  • Container Network Setup (flannel, calico, etc.):

  • Kubernetes version (use kubectl version): 1.23 -1.28

  • Metrics Server Version: v0.6.4

  • Metrics Server manifest

spoiler for Metrics Server manifest:
  • Kubelet config:
spoiler for Kubelet config:
  • Metrics server logs:
spoiler for Metrics Server logs:
  • Status of Metrics API:
spolier for Status of Metrics API: 
kubectl describe apiservice v1beta1.metrics.k8s.io

/kind bug
@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Sep 23, 2023
This was referenced Sep 23, 2023
Merged
Closed
@yangjunmyfm192085
Copy link
Contributor

/assign

@dashpole
Copy link

dashpole commented Oct 5, 2023

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Oct 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yangjunmyfm192085 yangjunmyfm192085

Labels
kind/bug Categorizes issue or PR as related to a bug. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix markdown cve yangjunmyfm192085/metrics-server
4 participants
@dashpole @k8s-ci-robot @zafs23 @yangjunmyfm192085